Firesheep developer poohpoohs mitigation tools

What Would Eric Butler Do?

Just for fun, try replacing 'Eric Butler' in Keith's post with the name of you 'favourite' UK tabloid.

Now, if you can take a break from your self righteous, 'ignorance is bliss' tirade (pausing, perhaps, to read up on logical fallacies) remember that any operating system that allows a user to trivially put a computer's wireless interfaces into promiscuous mode has been able to do this sort of thing for *years*

Mr Butler has done nothing new; he's merely packaged up and presented a succinct demonstration of a flaw that shouldn't exist on any website. Google were very slow in fixing gmail, and even they provided a purely HTTPS interface years ago to prevent this very problem!

Clearly, letting the industry sort itself out in its own good time has been an utter failure. They've been utterly irresponsible, orders of magnitude worse than a little skiddie application and some publicity.

In plain sight

Sigh. You have the intention wrong. The hack that FireSheep does is already possible - and may have already been implemented by real black-hats. Facebook et al won't budge and protect their users until forced - and releasing FireSheep might just force them, by bringing the exploit out into the open.

It's like this: You give a bank your money. Someone gets in the back door, and steals a bit now and again. The bank don't seem to mind, as not much is stolen. So, to force them to properly secure their vault, you go in and steal all the money, and leave it on the counter so everybody can see. Now they notice,and now they properly secure the vault, like they should have in the first place.

Wait...

...binge drinking is wrong? Well that's all the fun out of my life then. I always though so long as you didn't do it often enough to really be an "addiction" and you combined it with sensible actions like having a designated driver and/or sleeping arrangements then binge drinking was one of the greatest activities that humankind could engage in.

Certainly has made for a large number of the really interesting and fun moments in my life!

Pint; because I feel like drinking tonight...

Hold together a cogent argument!

"Would Eric Butler steal a child's bike to teach the child to keep his bike locked up?"

No, but that's theft and is illegal.

"Would he beat up a staggering drunk to teach him binge drinking was wrong?"

No, that's assault and is illegal.

"Would he hurl bricks through windows to "encourage house builders to use better security practices"?"

No, that's vandalism and damage to property, also illegal.

"Would he steal babies from a hospital maternity ward to promote better automated baby tracking systems?'

No, that's kidnapping ( and theft?! ), once again illegal.

"Would he hand out bags of bent nails to school children to be scattered on roads to protest the auto industries failure to use puncture-proof tires?"

No, that's endangering lives on the public highway. Again, illegal.

Firesheep does nothing illegal, it merely pulls information from an open source. If you choose to abuse, then that's your business, but be prepared for th 6ft bloke who's just had his FB account cracked open to walk across the coffee shop and lump you one!

Seriously though, if Eric went down to the B&Q ( DIY hardware store for those outside the UK ) and bought a crowbar, a hammer and a bag of nails. That's not illegal, he's done nothing wrong. If then goes on to commit the crimes you mentioned using those tools, that's not the fault of the Stanley or B&Q is it? I don't see B&Q being collared in a lot of burglary cases for 'adding and abetting', do you?

Nmap, Wireshark, Aircrack, are any of these illegal? No, but they can be used for nefarious purposes if used in the "right" way.