Mozilla: No 'Kill Switch' for Firesheep Add-On

Today's Best Tech Deals

Picked by PCWorld's Editors

Top Deals On Great Products

Picked by Techconnect's Editors

1 2 Page 2
Page 2 of 2

During the dustup over its harvesting of information from insecure Wi-Fi networks using its Street View vehicles, Google cited the statute to claim that it had not broken the law.

Some disagreed with Google at the time. In a June story published by the Security Threat site in June, Marc Rotenberg, executive director of the Electronic Privacy Information Center, said he believed Google's actions amounted to wiretapping, and asked the Federal Communication Commission (FCC) to investigate.

Rotenberg did not immediately reply to a request for comment on Firesheep, and whether its packet sniffing activities are similarly illegal.

Eric Butler, who created Firesheep, has defended releasing the add-on, saying that warnings by others of the site insecurities that the tool exposed have been ignored. "[Sites have] been ignoring this responsibility for too long, and it's time for everyone to demand a more secure Web," Butler wrote in a blog post on Sunday. "My hope is that Firesheep will help the users win."

Butler and his colleague, Ian Gallagher -- the two led a Firesheep presentation at last weekend's ToorCon security conference -- have declined Computerworld's requests for interviews. Instead, Gallagher said in an e-mail Tuesday, the pair plan to use Butler's blog to answer media inquiries.

Mozilla's Beltzner suggested that Firefox users could protect themselves against Firesheep sniffing and hijacking by installing Force-TLS fto orce the browser to use an encrypted HSTS (HTTP Strict Transport Security) connection when it accesses certain sites.

"Mozilla recommends that Web sites start supporting HSTS, which will be supported by default in Firefox 4," Beltzner added.

On Tuesday, security experts offered several other strategies for defending against Firesheep snooping.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is gkeizer@computerworld.com .

Read more about security in Computerworld's Security Topic Center.

This story, "Mozilla: No 'Kill Switch' for Firesheep Add-On" was originally published by Computerworld.

Note: When you purchase something after clicking links in our articles, we may earn a small commission. Read our affiliate link policy for more details.
Related:
1 2 Page 2
Page 2 of 2
  
Shop Tech Products at Amazon