Firesheep & HTTPS, Explained!
Firesheep & HTTPS: Only 90% of internet websites are insecure! Presenter: Mahmoud Tantawy
WHOIS?! Mahmoud Tantawy, Ain Shams University, Faculty of Engineering. Junior student in the Communication Systems Dept. Currently: DEVIGN Workshop Moderator.
What makes the internet
What makes the internet: The Internet is a global system of interconnected computer networks. It has Servers & Clients. Clients request a service or content from the Servers. Servers are special computers powerful enough to serve the Clients.
Protocols: Servers & Clients need some rules to control how they deal with each other, a “Protocol”. A protocol in general is a set of rules governing communication between two parties. HTTP (Hyper-Text Transfer Protocol) is the most widely used protocol over the internet between Servers & Clients.
Protocols
HTTP (diagram: Client and Server exchanging HTTP)
HTTP Header: Servers & Clients communicate using HTTP Requests & Responses. Each HTTP Request & Response has a “Header”. The HTTP Header carries data similar to what you would write on a letter’s envelope.
HTTP Header
HTTP Header: The HTTP Header also carries enough information about you & your browser for the Server to do its job. Here lies the problem: this information about you is sent as plain text. If anyone can sniff this information, he can deceive the Server and make it think that “he” is “you”!!
HTTP Header
Sniffing: If you are using unsecured Wi-Fi, all the data sent between your PC & the Router is available for anyone to read!! So if any attacker can sniff this data, he’ll be able to read the HTTP requests & responses. Thus, he can deceive the Server into identifying “him” as “you”.
Sniffing (diagram: HTTP between Client and Server being sniffed)
Sniffing: So if the attacker can read the ID that is uniquely given to each Client, he can fake an HTTP request, put your ID in it manually & request pages from the Server. The Server will identify “him” as “you” without any need to re-sign in, because the requests carry your unique ID.
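As an added example (not part of the original slides), the following Python models exactly what these slides describe: the browser's plain-HTTP request carries the session ID in its Cookie header, and a server that identifies users by that ID alone accepts whoever presents it. The request bytes, the session table and the cookie name `sessionid` are constructed for the example.

```python
"""Why a plaintext session ID is all an impersonator needs.

Added example, not part of the original slides. It models what the slides
describe: the browser's HTTP request carries the session ID in the Cookie
header, and the server identifies the user by that ID alone. The request
bytes, the session table and the cookie name are constructed for the example.
"""
from http.cookies import SimpleCookie
from typing import Dict, Optional, Tuple

# Constructed: what a browser sends over plain HTTP on an unsecured Wi-Fi.
# Every byte of it, Cookie header included, is readable by anyone on the network.
ALICE_REQUEST = (
    b"GET /inbox HTTP/1.1\r\n"
    b"Host: mail.example.test\r\n"
    b"User-Agent: Mozilla/5.0 (X11; Linux x86_64) Firefox/3.6\r\n"
    b"Cookie: sessionid=3f9a1c2e7b; theme=dark\r\n"
    b"\r\n"
)

# Constructed: the same Cookie header sent from a different machine. Nothing in
# it lets the server tell this apart from Alice's own request.
REPLAYED_REQUEST = (
    b"GET /inbox HTTP/1.1\r\n"
    b"Host: mail.example.test\r\n"
    b"User-Agent: Mozilla/5.0 (Windows NT 6.1) Firefox/3.6\r\n"
    b"Cookie: sessionid=3f9a1c2e7b\r\n"
    b"\r\n"
)

# Constructed: a request from someone who never logged in.
ANONYMOUS_REQUEST = b"GET /inbox HTTP/1.1\r\nHost: mail.example.test\r\n\r\n"

# Constructed server-side session table: session ID -> logged-in user.
SESSIONS: Dict[str, str] = {"3f9a1c2e7b": "alice"}


def parse_request(raw: bytes) -> Tuple[str, str, Dict[str, str]]:
    """Split a raw HTTP/1.1 request into method, path and a lower-cased header map."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers


def session_id_from_request(raw: bytes) -> Optional[str]:
    """Return the session ID the request presents, or None if it carries none."""
    _method, _path, headers = parse_request(raw)
    cookie_header = headers.get("cookie")
    if not cookie_header:
        return None
    jar = SimpleCookie()
    jar.load(cookie_header)
    morsel = jar.get("sessionid")
    return morsel.value if morsel else None


def identify_user(raw: bytes) -> Optional[str]:
    """How a typical server decides who is asking: by the session ID alone.

    Nothing else in the request is checked, so whoever presents the ID is
    treated as the user it was issued to. That is the weakness the slides
    describe: as long as the ID crosses the network in plain text, the ID
    is the identity.
    """
    sid = session_id_from_request(raw)
    return SESSIONS.get(sid) if sid else None


if __name__ == "__main__":
    for label, req in [("alice", ALICE_REQUEST), ("replayed", REPLAYED_REQUEST),
                       ("anonymous", ANONYMOUS_REQUEST)]:
        print(f"{label:>9}: server sees user = {identify_user(req)}")
```

Running it shows the server resolving both the genuine and the replayed request to `alice` and the cookie-less one to `None`; the only thing that separates a user from an impersonator is possession of the ID, which is why the ID must never travel in the clear.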
Firesheep
Firesheep: Firesheep is a Mozilla Firefox add-on. It enables anyone to sniff HTTP Headers on unsecured Wi-Fi & makes one able to access websites using others’ identities. It was downloaded more than 400,000 times in 5 days. Google got 1 million searches about it in 10 days.
Google Trends For “Firesheep”
How to defend oneself: Once the add-on was released by Eric Butler, many wrote that the solution is avoiding unsecured Wi-Fi. But Eric responded by making clear the reason behind releasing such an add-on, which is ringing the bell about this issue with HTTP, and letting users know that the websites are NOT protecting them enough.
"Websites have a responsibility to protect the people who depend on their services. They've been ignoring this responsibility for too long, and it's time for everyone to demand a more secure web. My hope is that Firesheep will help the users win!" (Eric Butler)
Live Demo! Firesheep in Action
The Real Solution! The core problem is that HTTP exchanges requests & responses in plain text. So the solution is to encrypt these requests & responses, as simple as that! By using HTTPS, a much more secure version of the famous protocol, all exchanged data will be protected from eavesdropping & sniffers.
HTTPS
HTTPS (diagram: Client and Server exchanging HTTPS)
What’s stopping HTTPS: The question in your head now is: why haven’t the websites protected their users by using HTTPS & making it the default? 2 main problems: Encryption adds an intermediate step, which adds time & needs more processing power. To use HTTPS, websites’ owners must purchase certificates to be marked globally as secure.
What’s stopping HTTPS: These all add costs to services that are provided for free to users. So it is more of a trade-off between security & cost. It is worth mentioning that Google started using HTTPS with many of its products, especially Gmail.
Why isn’t everyone using HTTPS?
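The slides give the fix as "use HTTPS". For the fix to hold, the site also has to keep the session cookie from ever going out over plain HTTP, which is the gap Firesheep-era sites left open when they used HTTPS for login only. The following Python, an added example that is not from the original slides, audits a server's response the way a defender checks a deployment: a plain-HTTP request must be redirected to https://, cookies set over HTTPS must carry the Secure attribute, and Strict-Transport-Security should be present so a later http:// visit is upgraded inside the browser. The header names and attributes are standard HTTP; the four sample responses, the host `mail.example.test` and the cookie value are constructed.

```python
"""Checking that a site keeps the session ID off the plaintext wire.

Added example, not from the original slides. audit_response() reports what is
missing for the HTTPS fix to actually hold: the http:// origin must redirect to
https://, cookies must carry the Secure attribute (so the browser never sends
them over plain HTTP), and Strict-Transport-Security should be present so a
later http:// visit is upgraded before it leaves the browser. The sample
responses below are constructed.
"""
from typing import List, Tuple

Headers = List[Tuple[str, str]]

REDIRECT_CODES = {301, 302, 303, 307, 308}


def audit_response(scheme: str, status: int, headers: Headers) -> List[str]:
    """Return a list of findings for one response; an empty list means it passes.

    scheme is the scheme the request was made over ("http" or "https").
    """
    findings: List[str] = []
    lowered = [(name.lower(), value) for name, value in headers]

    def values(name: str) -> List[str]:
        return [value for n, value in lowered if n == name]

    set_cookies = values("set-cookie")

    if scheme == "http":
        # The only acceptable plain-HTTP answer is a redirect to the HTTPS origin.
        location = values("location")
        redirected = (status in REDIRECT_CODES and bool(location)
                      and location[0].lower().startswith("https://"))
        if not redirected:
            findings.append("plain-HTTP request was served content instead of "
                            "being redirected to https://")
        if set_cookies:
            findings.append("cookies were issued over plain HTTP, so they were "
                            "readable on the wire")
        return findings

    # HTTPS response: every cookie must be marked Secure, or the browser will
    # send it along with the next http:// request as well.
    for raw in set_cookies:
        name_value, *attributes = raw.split(";")
        cookie_name = name_value.split("=", 1)[0].strip()
        attrs = {a.strip().lower() for a in attributes}
        if "secure" not in attrs:
            findings.append(f"cookie {cookie_name!r} lacks the Secure attribute")
    if not values("strict-transport-security"):
        findings.append("no Strict-Transport-Security header; a later http:// "
                        "visit still goes out in the clear")
    return findings


# Constructed: the pattern Firesheep exploited. Login may have used HTTPS, but
# the session cookie is then set and sent over plain HTTP.
WEAK_HTTP = ("http", 200, [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=3f9a1c2e7b; Path=/; HttpOnly"),
])

# Constructed: HTTPS is offered, but the cookie is not Secure and there is no
# HSTS, so one http:// link is enough to leak the session ID.
WEAK_HTTPS = ("https", 200, [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=3f9a1c2e7b; Path=/; HttpOnly"),
])

# Constructed: the hardened deployment. http:// redirects, and https:// sets a
# Secure cookie plus HSTS.
HARDENED_HTTP = ("http", 301, [("Location", "https://mail.example.test/inbox")])
HARDENED_HTTPS = ("https", 200, [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=3f9a1c2e7b; Path=/; Secure; HttpOnly"),
    ("Strict-Transport-Security", "max-age=31536000"),
])


if __name__ == "__main__":
    for label, sample in [("weak http", WEAK_HTTP), ("weak https", WEAK_HTTPS),
                          ("hardened http", HARDENED_HTTP),
                          ("hardened https", HARDENED_HTTPS)]:
        print(label, audit_response(*sample) or ["OK"])
```

The two weak samples each produce two findings, the two hardened ones none. The Secure attribute is the check that matters most for the slides' scenario: without it, offering HTTPS changes nothing, because the browser still attaches the session cookie to any http:// request for the same site.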

Thank you, I hope you enjoyed the session! twitter.com/mtantawy www.mtantawy.com