facebook over https is online

look under my account | settings | security:

facebook security settings

:-))

Posted in Basics, English, Miscellaneous.

diaspora is https throughout

see https://joindiaspora.com/ – it tells me I’ve got ten invites left – any takers?

;-)) Michael

Posted in English, Miscellaneous.

facebook over https

Played around on facebook yesterday. You can reach facebook over https, thus encrypting your session cookies and the rest of your traffic. The downside is that facebook does not stay consistently on https. Some links spit you back to http without encryption. I hope they will fix that soon …


You will be 0wn3d at the next public hotspot

Someone told me there was an easy way to hack facebook and other accounts at free WiFi hotspots, because they didn’t encrypt their traffic …
… my first reaction was like “what kind of bs is that?”, but when my contact said this was the way schoolkids used to deface their classmates’ facebook accounts, I decided to investigate. So here’s the short, simplified version:

  • If you log on to your favorite service on the net, you are sure to use encrypted sign-in pages – at this point everything is fine.
  • As soon as you are logged on, you get a “session cookie” that identifies you to all of the following non-encrypted http pages. This session cookie is transmitted unencrypted, since you are communicating via http, not https or SSL.
  • A (public) hotspot acts – technically speaking – as a network hub, transmitting all payload traffic to all connected addresses, so theoretically and practically all session cookies are transmitted unencrypted to all devices connected to the public hotspot. The only difference between public and non-public hotspots is that everybody can use the public hotspot, whereas private WLANs try to shut out the bad boys (and girls!) …
  • If you are in possession of such a session cookie, you can impersonate the original owners of said session cookie, i.e. use their account, change passwords, deface profiles – you name it!

See how easy it is with firesheep in a tutorial or on youtube

Or try it yourself: firesheep download for firefox (TM)

This is one of the main reasons security-aware companies like cirosec no longer offer http-webpages – try to change the address of their site from https to http and see what happens …

As long as your favorite portal has not yet implemented this, you should consider using public hotspots with caution or not at all – at least not to access vital personal and sensitive information portals.

If you provide logons using session cookies – who doesn’t – you should consider moving all of your pages to encrypted communication i.e. https!
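
An added example, not part of the original post: a small Python audit a site owner could run over their own responses to see whether the session cookie would be exposed in the way the bullets above describe. It checks for the cookie `Secure` attribute, an http-to-https redirect and an HSTS header; `portal.example`, the function names and the sample responses are constructed for illustration.

```python
# Added example (not from the original post): audit responses for the
# cookie-over-http exposure described above. All sample data is constructed.

def parse_set_cookie(value):
    """Split one Set-Cookie header into (name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    return name, attrs

def audit_response(url, status, headers):
    """Return finding codes for one response; headers is a list of (name, value)."""
    findings = []
    is_https = url.lower().startswith("https://")
    hdrs = [(n.lower(), v) for n, v in headers]
    location = next((v for n, v in hdrs if n == "location"), "")

    if not is_https:
        # Plain-http pages should only redirect to their https equivalent.
        if not (300 <= status < 400 and location.lower().startswith("https://")):
            findings.append("http-not-redirected")
    elif not any(n == "strict-transport-security" for n, _ in hdrs):
        # Without HSTS the browser may still try http first on a later visit.
        findings.append("no-hsts")

    for n, v in hdrs:
        if n != "set-cookie":
            continue
        name, attrs = parse_set_cookie(v)
        if not is_https:
            findings.append(f"cookie-set-over-http:{name}")
        if "secure" not in attrs:
            # Browser will attach this cookie to any later http request.
            findings.append(f"cookie-not-secure:{name}")
    return findings

# Constructed responses from a hypothetical site, portal.example.
SAMPLES = [
    ("https://portal.example/login", 200,
     [("Set-Cookie", "session=abc123; Path=/; HttpOnly")]),
    ("http://portal.example/profile", 200, []),
    ("http://portal.example/", 301, [("Location", "https://portal.example/")]),
    ("https://portal.example/home", 200,
     [("Strict-Transport-Security", "max-age=31536000"),
      ("Set-Cookie", "session=def456; Path=/; Secure; HttpOnly")]),
]

if __name__ == "__main__":
    for url, status, headers in SAMPLES:
        print(url, audit_response(url, status, headers) or "ok")
```

The first sample is the case from the post: an encrypted sign-in page that hands out a cookie the browser will later send over plain http.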


to all content providers: it might be so easy …

… if you would only open your content to innovation:

http://dev.joeblade.com/2011/01/guardian-snapshot-an-os-x-dashboard-widget/

instead an increasing number of (content providers) publishing houses go closed shop – what a pity – see you all at insolvency court proceedings …

the privatization of the proceeds from web 2.0 is advancing

No, I am not against facebook refinancing its infrastructure and its operating costs. At most, the use of services that users provide for free bothers me: http://www.heise.de/newsticker/meldung/Facebook-macht-Mitglieder-zu-Werbetraegern-1176991.html

Advertising is fine, but as a digital immigrant I find the enlistment of single individuals of the hivemind as advertising ambassadors a bit odd, or rather politically incorrect. But maybe the digital natives are more relaxed about it …

Cloud Security from an egov perspective

Not only interesting for government-agencies on various levels, but also from the general perspective of data security, intellectual property and data that are going to distinguish your company from its competitors:

Governmental Cloud in the EU – New Agency Report

Hopefully this will provide insights into considerations concerning availability, privacy and security of – much hyped (?) – cloud providers. I will have to read that!
