Bringing in the Sheep: the FireSheep firestorm

Michael Torrie torriem at gmail.com
Sat Nov 6 09:14:22 MDT 2010


On 11/06/2010 07:10 AM, Aaron Toponce wrote:
> In a random "mom and pop" Internet cafe, I would understand this
> concern. In an established environment, such as a major university, that
> paranoia might be excessive.

I would say most internet cafes would pose quite a risk.  Only recently
have I started traveling with a netbook.

However I don't think my paranoia is excessive.  I have known of a lot
of people who had their GMail account hacked in the last year.  Even to
Linux-savvy folks such as many of us.  After always being careful where
he logs into Facebook and Gmail (no Starbucks), and always following
security best practices, one friend simply went to visit his parents and
logged into Gmail and Facebook using their Windows computer.  Suddenly his contacts
receive an e-mail saying he needs money wired to him.

In one person's case the password on her Gmail wasn't changed and so
she'd never have noticed she had been compromised if she hadn't noticed
some messages in her sent folder (all spam) that she didn't recall
sending at 2am every day.  And she only used her computer at home and
her office computer at BYU.  Even though she tried to do things like
keep her antivirus up to date, I believe her home computer still
probably had a key-logging virus on it.  She has now moved to a Mac
because of this experience.

Just last week another friend had her account compromised somehow and
she has been only using the internet at her home in southern Utah.
Probably a very stealthy virus or spyware on her computer, as she also
tries to stay up to date and runs her virus and malware scans regularly.

I am not by nature a paranoid person, but I've seen enough of this kind
of stuff lately to start to be more paranoid.  The people I just
mentioned didn't use random internet cafes.  They didn't even use random
computers at all.  Having Firefox on a stick wouldn't have helped in any
of these cases, though probably booting Linux on a USB stick would have.
It would seem that even in an "established environment" such as BYU
where I work, the battle against MS viruses and spyware has largely been
lost.

I'm also a lot more paranoid now since my Gmail account not only handles
a lot of my e-mail, but because it also handles my pictures (picasaweb),
and most importantly, my phone.


