Insecure (non-SSL) Web Content and Firesheep

Discussion in 'Technical' started by melbo, May 6, 2012.

  1. melbo

    melbo Hunter Gatherer Administrator Founding Member

    Firesheep was created as a demonstration of how non-SSL (http vs https) web content can hurt anyone who's using open wifi to surf the web. The technology is nothing new, as we've been able to use Wireshark for 10 years to do the same thing... but, as a Firefox extension, it shed a whole new light on SSL - notice that FB, Twitter, Google and many of the other major web players have shifted to https:// recently?

    Looking into SSL for the Monkey now and have spent the last couple of weeks researching and figuring out how we can do this with the inherent problem of having both secure (SM-hosted text, images, etc.) and insecure content (offsite linked images, videos, etc.). You've all seen the warnings in your browser when a site 'Displays both secure and insecure content'. Need to find a way to avoid 'mixed content'.

    Things like this are scary but they must be discussed and addressed. SSL isn't just for banks anymore.

    Firesheep - codebutler
    Firesheep - Wikipedia, the free encyclopedia

    HTTPS is more secure, so why isn't the Web using it?
    HTTPS is great: here's why everyone needs to use it (so we can too)
  2. UGRev

    UGRev Get on with it!

    Everything we do at the company I work for is over SSL. We upped our RSA encryption this last renewal to 2048-bit. Not taking any chances here. There's plenty of pipe out there now and computing power these days makes the old "It's resource intensive" argument pretty stale. So there is really no reason for not doing it anymore.