Division Zero (Div0). Copyright © 2011-2018

All rights reserved.

Firesheep – The weakest link in security has been, and always will be, the user’s judgment

16 Jul 2011

I came across this Firesheep article while I was reading Crypto-Gram published on 15th July 2011 and thought that this was really interesting. The point to highlight in this article here is not the “Firesheep” tool per se, but the author’s observations when he took his Firesheep for a walk at Starbucks.


Note: this article was published some time back, on December 16, 2010. Hopefully people have grown a lot wiser today.


“Less than one minute later, there were five or six identities sitting in the sidebar. Three of them were from Facebook. 


Half an hour later, I’d collected somewhere between 20 and 40 identities. Since Facebook was by far the most prevalent (and contains more personal information than Twitter), I decided to send the users messages from their own accounts to warn them of their exposure. I drafted a friendly, generic message that stated the location of the Starbucks, what the vulnerability was, and how to avoid it. I sent messages to around 20 people.


I cleared the Firesheep sidebar, took off my headphones, and waited. 


I drafted a very short message (perhaps the first was too long?) and sent it to the four, once again from their own accounts: Really wasn’t kidding about the insecurity thing. I won’t send another message after this — it’s up to you to take your security seriously. You’re at the [XYZ Street] Starbucks on an insecure connection, and absolutely anyone here can access your account with the right (free) tool.


Twenty minutes passed, and all four were still actively using Facebook.


On my way home, I considered what the experience meant about our society. No matter how many security measures we provide to the world, there will always be people who leave the door open, even after they’ve had an intruder. The weakest link in security has been, and always will be, the user’s judgment.


Excerpted from: End of Privacy | Herding Firesheep in Starbucks


P.S. In case you are wondering what Singapore’s equivalent of the unsecured Wi-Fi hotspots at Starbucks or Kopitiam is – it’s Wireless@SG.

