• Welcome to the Off-Topic/Schweb's Lounge

    In addition to the Mac-Forums Community Guidelines, there are a few things you should pay attention to while in The Lounge.

    Lounge Rules
    • If your post belongs in a different forum, please post it there.
    • While this area is for off-topic conversations, that doesn't mean that every conversation will be permitted. The moderators will, at their sole discretion, close or delete any threads which do not serve a beneficial purpose to the community.

    Understand that while The Lounge is here as a place to relax and discuss random topics, that doesn't mean we will allow any topic. Topics which are inflammatory, hurtful, or otherwise clash with our Mac-Forums Community Guidelines will be removed.

Firesheep? How do we protect ourselves from this and similar software?

OP
6string
Joined
Sep 9, 2009
Messages
5,473
Reaction score
201
Points
63
Location
Down Under :D
Your Mac's Specs
Back to my old 2.2GHz C2D MB after selling my MBP and wondering what my next Mac will be :)
As for you 6string, bravo, the TheAntiM indeed implies Anti-Mac. Before you quickly jump to label me (as I have done with many users), you need to understand my dislike for Mac/Apple has formed over many years of working with the technology and the people! Call me a purest, but I’ve watched the technology grow from a workhorse developed with a niche target market, running on an advanced platform (POWER), to a withering GUI orientated system. The modern day mac is designed to do nothing more than capture market share from a population of users that cannot see beyond the desktop. Apple spends most of their time developing UI improvements and packaging to meet this population rather than the essence of what real technology innovation is about. This is clear as day in the typical MAC (PC) vrs Windows (PC) argument is which focuses on aqua vrs Desktop Windows Manager (BTW for all those fanboys reading this MAC IS A PC, MAC HAS ALWAYS BEEN A PC, if you believe otherwise you’ve been brain washed by the marketing machine that is Apple). As for the people, I don’t have to go into detail about fanboys and other forms of ignorant users, who will blindly defend the platform without understanding both the underlying technology and the competitors’ products or innovations (one cannot truly claim to understand any phenomena in the world when viewing it from a single lens). Another side of the people element is a little more personal, as a purist and technologist; I have particular expectation of my peers, which in my experience with many so called “mac experts” and members of the “professional service” teams has been dismal at best.

With all that aside, there are many valid use cases for mac. I do know of many educated Apple users (however none are purely Apple users) who have a specific requirement to use a mac.

LOL

Once again:
Thanks for the help?
Thanks for joining Mac Forums for that!
 
OP
6string
Joined
Sep 9, 2009
Messages
5,473
Reaction score
201
Points
63
Location
Down Under :D
Your Mac's Specs
Back to my old 2.2GHz C2D MB after selling my MBP and wondering what my next Mac will be :)
LOL

Typical mac user response :)

Expectations will only lead to disappointment, and perhaps you may want try venturing a little further into understand others, seeing others as people with different views and needs to what yours are.
These people are not inferior, hence you are not superior!

Typical Mac user response you say?

Have you nothing better to do than jump onto Mac Forums and spin your spin?

Just for your information, this typical Mac user put up with windows based PCs out of necessity (for work) without any formal education on computers for many years.
Thanks to Apple, I have a user friendly operating system which suits my needs, as far as being able to record music and teach my guitar students, as well as basic tasks that I want to achieve without having to get a degree in IT, engineering, etc etc.
If you ever choose to dig a little deeper, you might be surprised to find that I am not alone.

Mock what you don't understand, and perhaps even hate it (or call it anti), but all I can do is feel sorry for you, as you are stuck where you are, and obviously not content, where as I have moved forward, and am quite content :)
 

vansmith

Senior Member
Joined
Oct 19, 2008
Messages
19,924
Reaction score
559
Points
113
Location
Queensland
Your Mac's Specs
Mini (2014, 2018, 2020), MBA (2020), iPad Pro (2018), iPhone 13 Pro Max, Watch (S6)
Telling people something is nowhere near as effective as showing people something. And showing something happening to someone else is never as effective as showing it happening to them. People just don't believe in anything that's not rubbed in their face.

Trust me, the hackers already knew how to do this a long time ago.
Effectiveness doesn't justify the hypocrisy. I'll turn to the largely accepted notion that punitive punishments against criminals tends to increase rates of recidivism. What is more effective is counselling and demonstrating what is wrong. This demonstrates my earlier point - indulging in acts that are similar to that of a criminal (punishing someone who punished others) doesn't work when compared to the established criminological notion that working with someone will likely lower rates of recidivism. To bring it back to this example, demonstrating the effects of hacking through action (such as through using FireSheep) doesn't automatically make it better than showing people through less nefarious means. The idea that direct morally suspect action is somehow inherently more effective is what leads to behaviours in which people continue to commit acts (whether it be crime or computer security negligence).

Firesheep is good as a “thing” because it raises awareness; the simple fact that it allows anyone to do payload inspection out of a web browser indicates a deeper underlying issue.
You can raise awareness other ways which are less morally suspect (as mentioned above). And yes, there is a deeper underlying issue - the widespread belief that undertaking acts like those made available with FireSheep, legitimated through a discourse of benevolence, only perpetuates the existence of technologies like this.
 
Joined
Mar 30, 2004
Messages
4,744
Reaction score
381
Points
83
Location
USA
Your Mac's Specs
12" Apple PowerBook G4 (1.5GHz)
Effectiveness doesn't justify the hypocrisy. I'll turn to the largely accepted notion that punitive punishments against criminals tends to increase rates of recidivism. What is more effective is counselling and demonstrating what is wrong. This demonstrates my earlier point - indulging in acts that are similar to that of a criminal (punishing someone who punished others) doesn't work when compared to the established criminological notion that working with someone will likely lower rates of recidivism.
Your analogy is...incomprehensible. Who is being punished here? What crime are you alleging? What punishment are you decrying?

To bring it back to this example, demonstrating the effects of hacking through action (such as through using FireSheep) doesn't automatically make it better than showing people through less nefarious means. The idea that direct morally suspect action is somehow inherently more effective is what leads to behaviours in which people continue to commit acts (whether it be crime or computer security negligence).
Well, you're correct that I cannot speak to the effectiveness of FireSheep in prompting people to take better precautions online. That remains to be seen.

What happened here is that someone has published a photograph of the Emperor wearing no clothes. Do we rail against Kodak for making nudity-exposing cameras?

Or do we get dressed?
 

vansmith

Senior Member
Joined
Oct 19, 2008
Messages
19,924
Reaction score
559
Points
113
Location
Queensland
Your Mac's Specs
Mini (2014, 2018, 2020), MBA (2020), iPad Pro (2018), iPhone 13 Pro Max, Watch (S6)
Who is being punished here? What crime are you alleging? What punishment are you decrying?
Individuals who are being punished are those who are the victims of people who use FS to login to those peoples accounts. I'll quote an article where an individual documents their use of the tool (source):
Now, a lot of this sounds like it is a waste of time and very hard to do. So I decided to put it to the test. On Saturday, November 14th I took a trip to my local coffee shop. I connected to the public coffee shop network and fired up my VPN. I installed the FireSheep add-on to FireFox and pushed the button “Start Capturing.”

Within 1 minute, inside my sidebar where the FireSheep window was displayed, there were 3 Facebook accounts and 1 Google Account displayed.

I double clicked on the 1st Facebook account and immediately a window popped up where I was signed on as a young college girl in the coffee shop. I had full access to her Facebook page, her data, protected pictures and info.
I fail to see how this person is not being punished. It doesn't matter if they are negligent - negligence is not an excuse to punish people and invade their privacy (whether or not hacking their already very public facebook profile is another discussion).

The crime? Invasion of privacy and you are in effect circumventing protections put in place to keep data private. How is stealing usernames and passwords this way any different than using a hacking tool to do it? In both cases, the effect is the same (which is largely what the law is concerned with) - you are stealing information that you have no right to access.
 
Joined
Mar 30, 2004
Messages
4,744
Reaction score
381
Points
83
Location
USA
Your Mac's Specs
12" Apple PowerBook G4 (1.5GHz)
Individuals who are being punished are those who are the victims of people who use FS to login to those peoples accounts. I'll quote an article where an individual documents their use of the tool (source):I fail to see how this person is not being punished. It doesn't matter if they are negligent - negligence is not an excuse to punish people and invade their privacy (whether or not hacking their already very public facebook profile is another discussion).

The crime? Invasion of privacy and you are in effect circumventing protections put in place to keep data private. How is stealing usernames and passwords this way any different than using a hacking tool to do it? In both cases, the effect is the same (which is largely what the law is concerned with) - you are stealing information that you have no right to access.
Oh, I have no problem with punishing that guy. He's a jerk, and probably a criminal depending on jurisdiction. Prosecute away. Prosecute everyone you can find like him. Jail them, counsel them, give them sensitivity training, execute them for their crimes, I don't care.

The point is, there are ten million more jerks like him. Most of them not stupid enough to post about their exploits on blogs, so you'll never catch them.

Many of them are smart enough to do the same thing even if FireSheep did not exist. Even if every copy of FireSheep were magically deleted tomorrow, the problem would remain.

Going after jerks like him, or the developers of FireSheep, would not solve the problem.
 
Joined
Feb 26, 2010
Messages
2,116
Reaction score
123
Points
63
Location
Rocky Mountain High, Colorado
Your Mac's Specs
1.8 GHz i7 MBA 11" OSX 10.8.2
Another way to protect yourself - ssh tunnel.

I was messing with ssh and SOCKS and it seems to work pretty well
How to guard yourself and your Mac from Firesheep and Wi-Fi snooping
Geek to Live: Encrypt your web browsing session (with an SSH SOCKS proxy)

Not everyone has their own SSH server, but I highly recommend finding some old beater computer and setting it up with ssh and rsa keys. (Linux runs on pretty much anything) If people are interested I have a writeup on how to setup a ssh server fairly securely. It is a rather long guide though and not for the feint of heart.
 
Joined
Oct 13, 2009
Messages
357
Reaction score
5
Points
18
Your Mac's Specs
25" iMac 3.06 GHz Intel Core 2 Duo iPhone 4
I don't understand knowledgeable posters who are actually excited that we uninitiated newbies might get hijacked by those using Firesheep because we have the unmitigated gall to not thoroughly understand the Mac operating system. The people garnering information illegally are the villains, but somehow legitimate users are the ones who should be punished. It's especially puzzling since all I have gotten from day 1 on this site was gracious help with my new Mac from total strangers .

I got a Mac a year ago because it was supposed to be trouble free, virus free and easy to use. I had used PCs since their infancy when the only monitors were black and green and everything had to be entered at a C prompt. I used to write programs on Cobol and Fortrain on hundreds of punch cards, when a bent card would force an entire program not to run and dropping a stack could destroy days of work. I dont' understand the system because I really don't want to have to learn it, not because I don't have the capacity to learn it.

Having said all that, I am paranoid about the privacy on my phone and soon to be iPad. I don't travel with my iMac, so it's thoroughly encased behind a secure firewall. Is it worth it to use a service like WiTopia.? I understand it gives you a VPN, but do you connect from the unprotected hotspot to their site and then to the site that you want to go to?? If I don't use sites like Facebook or Twitter will it be as important to use?? Would it be hard to get off my phone/iPad if I decide not to use it anymore? TIA
 
Joined
Sep 19, 2010
Messages
191
Reaction score
3
Points
18
Location
Minnesota
Your Mac's Specs
3.4ghz quad core ati 5850 graphics card 4GB ddr3 ram
firesheep just monitors unsecured traffic. if your on an unsecure wireless network, your traffic is viewable by everyone.
My college wireless is unsecure and I've peeked into it a few times...
.... I am scared of the people in my dorm.
 

Shop Amazon


Shop for your Apple, Mac, iPhone and other computer products on Amazon.
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.
Top