Firesheep which interface to choose

The installation and related configuration of the plugin are introduced here. In the original tutorial, there are instructions for use. I will write it together with script changes and other work in my next article. Because the websites that Firesheep can crawl are Facebook and twitter, which are rarely used in China. In order to illustrate the power of Firesheep, I will use Renren as an example to introduce the use of Firesheep in the next article.

Tech Community Register Log in. Tutorial: using firesheep plugin under Linux. FaceBook Share. It is not the solution, and I think it is misleading and dangerous to imply that it is, but it helps a little nonetheless. I have much more to say about this. But the point is: there is no silver bullet.

Generate fear and you generate discussion. Discussion is not a bad thing. It is amazing the wealth of accurate information posted here by those considerably more knowledgeable. I have directed many discussion located elsewhere on the net to this comment section so that others might benefit from this knowledge and a more informed discussion.

Thanks to those that have brought some reason to the table. I just painfully went through the comments to see if anyone really disagreed about the use of WPA being a wise thing to do…. The disagreement had to do with the degree of importance WPA had in relation to this discussion of Firesheep type tools.

I find some of the comments condescending. I would argue that any potential game change is because those journalists now just made a big deal of it…. In short, they just did all of the marketing and advertising. On the positive side, perhaps the attention brought by these journalist will have readers getting a bit more educated about the potential vulnerabilities. What is bugging me is that some seem to be implying that WPA is some sort of panacea without also emphasizing the total picture i.

Here is our approach to WiFi and has been for a while. I would like to hear some comments. We have our disk encrypted on the laptop using Truecrypt.

We have a firewall always active and a Virus protection. We also use Malwarebytes and Super Anti-Spyware. Our virus protection has a safe surfing program. So for the average WiFi cruiser using open WiFi when available and Marina or Hotel Wifi often, What else can the average cruiser do to protect themselves and how vulnerable am I really? Although cracking some things takes a lot more than a command line.

The enormous exposure of Firesheep has spawned a variety of new tools that process a lot of data to help make hacking easy. There have been multiple new tools released. There will be many more. Your comments here are doing a disservice to all cruisers. You were smart to follow my advice.

Give me 48 hours to hack into your personal accounts. I promise to not do any damage and you promise to hold me harmless for any violation of security that I perform. My goal is to once and for all demonstrate how vulnerable most people are.

Jeff you obviously know how to exploit security flaws with the internet, but you realize the person you are asking permission to hack or gain access to his personal information is against federal law?

He can not give you permission that could keep you out of legal hot water? What you are advocating doing is against the law and cyber crimes are taken seriously. Your not good enough to not get caught either especially after you post about it in a public forum.

Huh Jeff, what exactly are you proving by that. If Chuck does not use his VPN on an open network, he will be vulnerable; we all agree on that. The upshot of all of this sky is falling talk is that access points that used to open and safe to those using VPN will now be closed and boaters will have fewer options for getting onto the internet.

First of all there is no way I will give anyone permission to hack into my personal information, and are you asking me to give you permission to break the law? I have not just begun to use WiTopia, we have used it for quite some time and so far I am satisfied. No one said there are no issues with WiFi or wired internet nor is anyone saying that the average person should not take security precautions. But some of these posts such as this last is quite over the top and I will let others take from it what they will.

I just want to verify that you want to go after my personal info but you will leave a business site that I work for alone. Why would you want to go after MY personal information and not the others here that disagree with you? What does any of that have to do with the discussion that has been taking place here.

And I certainly would like to hear from others as to my previous questions. When I made the change some months ago it found dozens of things that AniMalware and the dreaded Norton and Macafee hadnt picked up at all. ASC even stopped me from opening an Email it deemed suspicious. Just My opinion and small experience.

But I can add some of my thoughts just because you asked for more opinions…. Although, it was long so I apologize if I repeat a few things. I use both, but even more importantly is the correct set up.

There are several other precautions to take that get progressively more complicated….. Good firewalls can get complicated quickly. Some vendors offer a service to help you set it up based on what you want to do. Make sure you are using your operating system correctly with regards to accounts. Limit your time on the network. Find a password protection system that generates really strong passwords and stores them encrypted on your system.

Rotate often. Most break-ins are social engineering, default passwords, etc. Reprinted from comments at this thread :. Sudden, shocking, and usually preventable by locking your door. First, be sure your own wireless network at home, if you are on WiFi, is encrypted. Your router will have instructions. No, not even once. Those add-ons themselves are susceptible to hacking. Next, never use any site where money is exchanged a bank, an online merchant, etc.

Some browsers strip that information out I believe Chrome does by default, but can be forced to show it and prevent you from knowing how your information is being communicated. All reputable sites will use it. Encryption for email is, frankly, overkill for most people unless you are emailing a password. In that case, use an encrypted service, but understand that if it is web-based, your email has been read.

I really hate the fetishization of email encryption. That mode will isolate your browsing session and prevent add-ons and other things on your computer from injecting themselves into your browsing session.

Never allow PDFs to open in your browser. Make them open as standalone documents. A log in to Facebook is useless for anything except Facebook unless you have used the same one for your bank, your PayPal account, and your Amazon account.

If you have a Windows machine, install Windows Security Essentials, a free download, and run it all the time. Keep your PDF out of your browser the biggest attack vector in computing today , turn off auto-recover in your browser, and always keep your browser updated to the latest version or patch.

Long story short, you are most likely to have your accounts taken over by a family member than by anything else. Next, you are most likely to have trouble from a malicious program resident on your system that you got from a PDF or from an email link. You are really not likely to be hijacked at a public WiFi. Put threats into perspective and act rationally and methodically to reduce them. Please read my online article Safe Browsing for detailed instructions on how to secure your machine.

It is Windows-centric, but the overall approach will work for any system. My local WiFi is encrypted. But the website she points to is really an excellent and easy step-by-step to secure your online experience.

It is also information that is usable and easily understood for the average cruiser. I consider myself an average cruiser. As Jeff Siegel pointed out, I am not an expert on the underlying technology, nor do I want to be.

And I believe most cruisers also fall into this category. I am an individual knowledgeable in boating systems and I have kept up with the latest technology as best I can for the purpose of making a living in the marine industry.

I consider my self knowledgeable, but by no means an expert. I have been boating and cruising for decades and have watched closely as technology has changed. I am by no means a techy that went out and bought a boat and made a trip or two down the ICW and am now an expert in all things technical and boating. I come to sites like this to learn from folks that have the information that I lack. I believe that if most boaters weigh in on the subject they would agree.

I think that is what much of this discussion is about. It is discussions like this that are easing some of those fears and at the same time giving folks an honest and working understanding of these vulnerabilities without encasing your computer in concrete as was mentioned. Thanks to everyone, I have come away with new understanding to add to my arsenal.

Theoretical vs practical threats… When I was 14, I was a hacker. There was an elegance and creativity to finding solutions that no normal software development could match.

It was very cool. It was different. Instead of being very obtuse and difficult to understand, it was written as if a pro had crafted it. It had an easy-to-use interface that anyone could use to process the network traffic through an existing tool called WinPcap.

Also on the 25th, ABC News picked up the story. Now this was really different. The media attention was major. On the hacker forums, trust me, this was noticed. All of a sudden, all of the 14 year olds out there wanted to be Eric Butler. Some started discussing other user-friendly tools that they could write — things much more dangerous to normal users than grabbing their Facebook account for a session. Each new article, blog posting, and news story about Firesheep fanned what should have been a smoldering flame.

It turned it into a roaring fire. Over the next three full weeks this continued. These are solutions that require at least some understanding of networking and risks at hand. Sometimes they just disconnect, and your traffic is all routed over your normal interface without any notice.

The only correct solution to this problem is true end-to-end security. Designing with security as a requirement, rather than bolting it on after the fact, is also important. Design such that when you scale out, you can scale out securely. Many companies make a business, not technical, decision to not implement security due to either perceived or actual costs.

It is our opinion that turning a blind eye to customer privacy and security is never good for business, and we hope the people making these decisions will begin to agree. I'm Eric Butler , a software developer. Oct 26, Firesheep, a day later This was certainly an interesting day. As I told TechCrunch: I went back and forth trying to predict what the reaction might be.

Initially before Firesheep was completed I thought there might be moderate interest, but then after doing more research found a lot of one-off articles discussing this same issue that were essentially ignored.

I certainly never expected Firesheep to be the 10 trending search on Google in the US. The first bug reports have started rolling in: "Backend exited with error 1" — This happens on Windows when you stop capturing.

The current release of Firesheep is unfortunately incompatible with FileVault. All of these issues will be fixed in the next release. This may be because the wrong interface is selected. Click the gear icon at the bottom of the Firesheep sidebar and choose Preferences. Install error claiming Firesheep is not compatible with your version of Firefox — Several people ran into this problem because they were unknowingly running out of date and insecure versions of Firefox.

Currently the latest version of Firefox is 3. Firesheep is not yet compatible with the 4. Copy link. I am on an open network where I know people are logging onto facebook and other sites thanks The text was updated successfully, but these errors were encountered:. I have the same problem.

Tried all of them but captures, yet :. From their website: Wireless adapters: these adapters may present problems, because they are not properly supported by the Windows Kernel. There are two independent issues here: Some people are only seeing "Microsoft" instead of the name of their wireless interface. This is only a problem with the name and nothing else. Wireshark appears to have the same problem.

Some wireless interfaces don't support promiscuous mode, so you'll only see your own traffic. If you're able to see your own traffic from a second web browser, then you've got the right interface selected. Sign up for free to join this conversation on GitHub.