For some time now I have been telling customers to be cautious about using wifi networks in public areas. Of course most people thought I was wrong to worry about this.
Today on the Marketplace Tech report, news is that there is a canned solution which potentially can mine the website cookies out of your browser while you are in a coffee shot/airport/other public place with open wifi.
The way this works is that the "cookies" which your browser saves are there for a few reasons. Primarily, the first purpose is that the cookie makes the loading of a web page which you go to regularly load faster. This is because it sets the content based upon what you have viewed previously. This also serves to aid marketers by collecting behavioral information to allow marketers to shape their campaigns in a way which is more effective.
Another way this saves you time is that it can store your log in and password information which makes your web experience simpler. This is however how the exploit works. This new exploit which is called firesheep, goes out into the open network and connects to your browser looking at the "cookies". By obtaining this information, there is a possible way to gain the access to your Facebook account, Hotmail email account or more.
Luckily for my customers, Gmail has this year been transitioned to HTTPS log in to create an encrypted session which prevents these sessions from snooping.
Additionally, there are some new plug ins for firefox which will slow the penetration into your computer while you log into these websites.
We are at the beginning of securing this problem so contact me if you need help with this.
Wednesday, October 27, 2010
Tuesday, October 12, 2010
another round of security updates from microsoft!
Today is Super Tuesday update day for the month. There are many security patches that rolled from Redmond today - make sure you install them!
There are 7 remote code execution fixes and 2 elevation of priveledge fixes. These are important ones and should be loaded right away.
http://arstechnica.com/microsoft/news/2010/09/microsoft-patch-tuesday-for-september-2010-nine-bulletins.ars
In addition, remember to keep up your advanced system care as new modules have been rolled out for that application as well!
There are 7 remote code execution fixes and 2 elevation of priveledge fixes. These are important ones and should be loaded right away.
http://arstechnica.com/microsoft/news/2010/09/microsoft-patch-tuesday-for-september-2010-nine-bulletins.ars
In addition, remember to keep up your advanced system care as new modules have been rolled out for that application as well!
Subscribe to:
Posts (Atom)