Feeds

Web 2.0 sites rated on FireSheep sidejacking risk

Who's wearing the dunce cap?

Choosing a cloud hosting partner with confidence

An online services security report card shows the extent to which popular web services are exposing users to account hijacking, especially in open WiFi network environments.

The risk has been understood in security circles for years but remained underreported prior to last week's release of an account hijacking tool called FireSheep. The Firefox plugin allows surfers to sniff and capture login credentials for sites including Facebook and Twitter and to subsequently log into those accounts, all with a few clicks of a button.

Surfers can avoid the risk by using a VPN tunnel to surf the web. The objective of Eric Butler, who developed the browser add-on, is to put pressure on more Web 2.0 sites to use full end-to-end encryption for logins.

However, follow-up tests by security blogger George Ou has revealed that side-jacking attacks might still be possible even when the site runs SSL. Ou published the first version of an online services report card on Monday looking into how effectively (or not) websites protect user login details.

Ou makes Gmail teacher's pet with the only 'A' grade in the batch, while eBay gets a creditable B and both Yahoo and Amazon get a passing C-. Scorn in the report is reserved for Flickr and Hotmail (both of which scrape and D-) and, in particular, Facebook and Twitter.

The report card can be found here. ®

Choosing a cloud hosting partner with confidence

Whitepapers

Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.