Firesheep Testing
January 14th, 2011, 3:59am by KelvinJust installed Firesheep to see what we’re up against. I couldn’t get it to work on my Windows 7 laptop (something about not having compatible drivers for the wireless adapters). Works on our Macbook though. Using that, I tried it out in the safety of our WEP-enabled home network. This is some scary stuff.
Main findings:
1) Jake was right, WEP doesn’t protect from Firesheep whatsoever
2) Surfing the mobile facebook, mobile Google and mobile Flickr sites on my Pre got my logins recognized by Firesheep. I could surf Mobile Twitter safely though. Twitter must use different cookies for their mobile site.
3) The Facebook, Flickr, and Twitter webOS apps didn’t trigger Firesheep, nor did checking email or syncing to Google PIMs from my Pre
4) Just opening Chrome on my other laptop exposed my Google login to Firesheep, without even going to any websites (I have Chrome open to Bookmark thumbnails page).
5) When connecting 2 computers to my Pre’s Mobile Hotspot in WPA mode, Firesheep didn’t intercept anything.
February 1st, 2011 at 1:43 pm
Facebook and Twitter now both have https throughout (as an option). Still, you shouldn’t use Chrome on public Wifi. I think that’s pretty sneaky that Chrome would automatically log you into Gmail. I understand there are some benefits where the browser needs to know you you are (“App” syncing, bookmark syncing, cloud printing, etc)
February 1st, 2011 at 1:45 pm
Also, based on my testing, you should be more leery if you’re on a public when there are more Macs in use. Just saying.