Conferences and WiFi Security

8 Comments

Just a few quick notes about security before anyone shows up at the PASS Summit.

First, set up lock codes on your phones, iPads, and laptops.  Those of us who are security-conscious tend to play pranks on those of us who aren’t.  (Ask Tom LaRock about the year he found a shirtless fireman on his desktop wallpaper and couldn’t get it back off – we play for keeps.)

Second, install the Firefox plugin HTTPS Everywhere.  This forces popular web sites like FaceBook, Live, and Twitter to use HTTPS instead of HTTP, thereby encrypting your web surfing instead of SSL.

Third, when you’ve done the above two, check out Firesheep.  It’s a Firefox extension that listens to unencrypted HTTP traffic on your WiFi network and lets you instantly log in as any sucker who isn’t using HTTPS.  This works great at hotels and conferences where lots of your friends (or enemies, whatever) are surfing during keynote addresses.

Consider yourself warned.

Previous Post
Proof that CPU Power Matters
Next Post
SQL Server (2011) Code Name Denali – Release Date Nov 9 2010

8 Comments. Leave new

  • Even better than SSL everywhere is to set up a VPN before hand and connect through that. HTTPS Everywhere won’t work on your phones/ipads after all, but pretty much everything can do bog standard PPTP VPNs. Just tell the device to “send all traffic over the VPN” not just the traffic destined for the VPN’s subnet.

    Windows PPTP isn’t the most secure VPN in the world, but it’s miles above plaintext transmissions 🙂

  • What about us chrome users?

    • Sorry, tribe, I’ve got nothing for you. Head back to camp. I’ll see you tonight at Tribal Council where one of you will be voted off the island.

  • Hi Brent.

    Good advice, thanks for this.

    Am I being thick, or is this a typo?
    “and lets you instantly log in as any sucker who isn’t using HTTP”

    Should this be
    “and lets you instantly log in as any sucker who isn’t using HTTPS”

    If you aren’t using HTTP, I can only imagine you are using HTTPS, and if I’m using HTTPS, I’m relatively more secure?

    Love the blog and rants, cheers.

  • And now those suckers can catch you, using the new

Menu
{"cart_token":"","hash":"","cart_data":""}