You are in Starbucks checking facebook. You leave. Later you find your facebook posts and pictures are all gone.
It can happen to you because facebook and many other sites don’t encrypt everything, which makes you vulnerable to such attacks. A free tool called firesheep was just released this week, which shows how easy it is to carry out such attacks. It’s scarily simple to use.
I haven’t had success in using firesheep on wired network. However I think the same vulnerability also exists. What do you think?
I wish web site operators will take the warning seriously and start addressing the security vulnerability. If scalability is a concern. There are plenty of products that can help. Citrix happens to have such a product called Netscaler.
There may be other concerns and solutions too. I’d love to hear your thoughts.
Here is how to try firesheep:
Open the file using firefox browser.
Click view->side bar->firesheep to open.
Click start capturing button
Click the captured thumbnails to start a browser session as someone else
Go to Tools-> Add-ons -> Extensions -> Firesheep to set preferences.
Disclaimer: Please use the tool responsively. Only use it to learn about the vulnerability.
Additional information about Netscaler
Netscaler can perform up to 100,000 SSL transactions per second, with SSL throughput up to 6500 mbps. See the performance whitepaper