Why does Mozilla permit the Firesheep App
Just read an article about launch of "firesheep" It is an Firefox Ad On that permits stealing info from people using Wi Fi. Since Firefox is for security, why don't they block this add on?
- npmnqmp 071303000004
- Yahoo! activeX Plug-in Bridge
- Adobe PDF Plug-In For Firefox and Netscape
- The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
- RealPlayer(tm) LiveConnect-Enabled Plug-In
- RealJukebox Netscape Plugin
- Default Plug-in
- NPRuntime Script Plug-in Library for Java(TM) Deploy
- BrowserPlus -- Improve your browser! -- http://browserplus.yahoo.com/
- Shockwave Flash 10.0 r32
- iTunes Detector Plug-in
- Windows Presentation Foundation (WPF) plug-in for Mozilla browsers
- Google Updater pluginhttp://pack.google.com/
- Google Update
- Next Generation Java Plug-in 1.6.0_20 for Mozilla browsers
- User Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:22.214.171.124) Gecko/20100316 Firefox/3.6.2 (.NET CLR 3.5.30729)
What type of control over that extension do you think Mozilla has?
Yes, they could "blocklist" it, but that won't do anything to fix the real problem - the lack of security in general, and in particular with wi-fi connections and the most popular domains.
It's not available from the official Addons website - https://addons.mozilla.org/en-US/firefox/- so Mozilla isn't distributing it.
The name - FireSheep - isn't a tip-off about that extension?
Like, maybe it's a learning experience about the perils of the internet?
And it's there to prove a point about security, or the lack thereof on some of the most popular domains on the internet?
FireSheep isn't the only tool out there that us able to monitor unencrypted web traffic and pickup bit of data, it just happens to be the latest and easiest to use.
Maybe now users will become aware of the targeted 26 websites poor security handling the their (the user's) personal data, and those user's will demand fully encrypted connections with those websites. I am surprised that I haven't seen a listing of those 26 domains published in any of the articles about FireSheep that I have seen published in the last three days. So much for "investigative journalism" on the web, raise the "alarm" but don't inform your readers of which domains are targeted. Simple matter to download the extension, open it in a "Zip" program and view the \handlers\ file in that extension, and then alert your readers which domains are vulnerable.
If those reader's read the correct articles on the web, they will learn how to protect themselves against their communications being monitored on unencrypted wi-fi connections. (And it ain't like FireSheep has anything to do with trying to monitor financial transactions, most of the data on social networking sites would just embarrass a user, not bankrupt them.)
I think of that as a learning experience for user's, you get burned once and maybe you'll spend some time learning about web security. Of course, some user's don't learn not to touch something hot the first time they're burned, some people will need to get burned two or three times before they learn not to pickup something that's hot.
I'm not a computer professional. I'm semi-retired and in my 7th decade on this earth, but I have been using PC's for 26 years so I have some experience in these matter's.
If anyone has read or watched the news today they are allowing it as a lesson to Facebook and other social networking sites that they need to revamp their security settings. It is way to easy for someone to hack into your accounts and they want to make people aware of this. Just don't log into these sites through Free Public Wifi and you'll be fine.
Come on Mozilla, you better turn block Firesheep NOW or I can go to the lawyer for this damn needs to blocked immediate!!!! that is very stupid to give to everyone play with Facebook cause ruin their!!
DO BLOCK OR REMOVE FIRESHEEP NOW!!
Kinda late to the table aren't you? Facebook has supposedly had an opt-in for encryption since January or February 2011. Blame Facebook for not making it the default for all users.
BTW, all a user has to do is change the GUID of the Firesheep extension before installing it and it would get around the blocklist.
Oh and I'm use FF5.0a2 is new browser and noticed it's just hit happened today BUT was used FF4.0RC2 was good block but.......FF5.0a2 must be leak cause Firesheep break in FF5.0a2.
does this add-ons still work? i tried it but nothing were captured.. even though i selected the right interface
由 mahouk 於 修改