You are in Starbucks checking Facebook. You leave. Later you find your Facebook posts and pictures are all gone.

It can happen to you because Facebook and many other sites don’t encrypt everything, which leaves you vulnerable to such attacks. A free tool called Firesheep was released this week, and it shows how easy such attacks are to carry out. It’s scarily simple to use.

I haven’t had success using Firesheep on a wired network. However, I think the same vulnerability also exists. What do you think?

I hope website operators will take the warning seriously and start addressing the security vulnerability. If scalability is a concern, there are plenty of products that can help. Citrix happens to have such a product, called NetScaler.

There may be other concerns and solutions too. I’d love to hear your thoughts.
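
The exposure described above comes down to a session cookie that can still travel over unencrypted HTTP after login. As an added example (not part of the original post, and not Citrix or Firesheep code), this Python check shows what a site operator can audit in their own responses; the example.test URLs, header values and function names are constructed for illustration.

```python
# Added example: flags responses that let a session cookie cross the network
# in cleartext. All URLs and header values below are constructed samples.

def parse_set_cookie(value):
    """Return (cookie name, set of lowercase attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def audit_response(url, status, headers):
    """headers is a list of (name, value) pairs; returns a list of findings."""
    https = url.lower().startswith("https://")
    hdrs = [(k.lower(), v) for k, v in headers]
    findings = []
    for key, value in hdrs:
        if key != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if not https:
            findings.append(f"cookie {name}: set over plain HTTP")
        elif "secure" not in attrs:
            findings.append(f"cookie {name}: no Secure attribute")
    if https:
        if not any(k == "strict-transport-security" for k, _ in hdrs):
            findings.append("no Strict-Transport-Security header")
    else:
        location = next((v for k, v in hdrs if k == "location"), "")
        redirected = status in (301, 302, 307, 308) and \
            location.lower().startswith("https://")
        if not redirected:
            findings.append("plain HTTP served instead of redirect to HTTPS")
    return findings

# Constructed samples: a weak site beside a hardened one.
WEAK_LOGIN = ("https://example.test/login", 200,
              [("Set-Cookie", "sid=abc123; Path=/; HttpOnly")])
WEAK_HOME = ("http://example.test/home", 200, [("Content-Type", "text/html")])
HARD_LOGIN = ("https://example.test/login", 200,
              [("Set-Cookie", "sid=abc123; Path=/; Secure; HttpOnly"),
               ("Strict-Transport-Security", "max-age=31536000")])
HARD_HOME = ("http://example.test/home", 301,
             [("Location", "https://example.test/home")])

if __name__ == "__main__":
    for sample in (WEAK_LOGIN, WEAK_HOME, HARD_LOGIN, HARD_HOME):
        print(sample[0], sample[1], audit_response(*sample) or "ok")
```

An empty findings list for every page, including the ones visited after login, is what forcing secure connections has to achieve.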

Here is how to try Firesheep:

Download the .xpi file here
Note: Windows users need to install WinPcap first!

Open the file using the Firefox browser.

Click View -> Sidebar -> Firesheep to open it.

Click the Start Capturing button.

Click the captured thumbnails to start a browser session as someone else.

Go to Tools -> Add-ons -> Extensions -> Firesheep to set preferences.

Disclaimer: Please use the tool responsibly. Only use it to learn about the vulnerability.

Additional information about NetScaler

NetScaler can perform up to 100,000 SSL transactions per second, with SSL throughput up to 6500 mbps. See the performance whitepaper.

How to configure NetScaler to force secure connections

Ray (Ruiguo) Yang
twitter me @rayyangcitrix
email me at ray dot yang at citrix dot com