[joomla] Always use SSL?
Stephen Britton
sbritton at gmail.com
Fri Dec 3 15:18:34 EST 2010
I am glad you mentioned Firesheep.
I have warning clients not to log in through the admin panel when
visiting public WiFi places like Starbucks and Barnes & Noble because
there is a good chance that bad folks are trolling for passwords with
Firesheep.
It has caused me to spend more time working from home where I use a
wired connection than from my local Starbucks because I don't have a
secure way to access Joomla admin panels. I am thinking that Firesheep
is going to sell a lot of SSL certs. I am suggesting SSL to clients if
they need to use wireless to access their sites.
On Fri, Dec 3, 2010 at 1:44 PM, Gary Mort <garyamort at gmail.com> wrote:
> With the release of Firesheep....and my nomadic system lifestyle, I am
> seriously reconsidering my former view of "man in the middle" attacks as a
> low priority issue.
> Looking over the Remember Me plugin, I note that it is easily hijacked via
> Firesheep to allow a user without too much technical sophistication to
> impersonate someone on a Joomla powered website if it is connected to
> through normal HTTP instead of HTTPS.
> The simple solution, which I am implementing for myself, is to setup a VPN
> to an external system on the internet and tunnel all my traffic through
> there. That at least removes the issue with open wifi access.
> While self signed certificates can cause general users to become
> uncomfortable and not wish to continue on a website, for my own sanity I'm
> thinking a short little plugin that always redirects specific users who log
> on to the https connection to log on again would be in order.
>
>
> _______________________________________________
> New York PHP SIG: Joomla! Mailing List
> http://lists.nyphp.org/mailman/listinfo/joomla
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
--
Stephen Britton
Technology Consultant
sbritton at gmail.com
ph: 914-661-0040
More information about the Joomla
mailing list