Firesheep & HTTPS, Explained!

Firesheep & HTTPS
Only 90% of internet websites are unsecure!
Presenter: Mahmoud Tantawy
WHOIS?!
Mahmoud Tantawy
Ain Shams University, Faculty of Engineering
Junior Student @ Communication Systems Dept.
Currently: DEVIGN Workshop Moderator
What makes the internet
The internet is a global set of interconnected computer networks.
It has servers and clients.
Clients request a service or content from the servers.
Servers are special computers powerful enough to serve the clients.
Protocols
Servers and clients need some rules that control how they deal with each other: a "protocol".
A protocol in general is a set of rules governing communication between two parties.
HTTP, the Hyper-Text Transfer Protocol, is the most widely used protocol on the internet between servers and clients.
[Diagram: HTTP requests and responses exchanged between Client and Server]
HTTP Header
Servers and clients communicate using HTTP requests and responses.
Each HTTP request and response has a "header".
The HTTP header carries data similar to what you would write on a letter's envelope.
[Diagram: an HTTP header]
HTTP Header
The HTTP header also carries enough information about you and your browser for the server to do its job.
Here lies the problem: this information about you is sent as plain text.
Anyone who can sniff this information can deceive the server into thinking that "he" is "you"!
[Diagram: an HTTP header sent in plain text]
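To make the envelope analogy concrete, here is an added example (not code from the slides) that parses a constructed plain-HTTP request of the kind a browser sends and picks out the header fields that tell the server who is asking. The request text, the host mail.example.com and the cookie name sessionid are constructed for the example.

```python
"""Parse a plaintext HTTP request and point out the headers that carry the
user's identity.  Added example with constructed input; not code from the
slides."""
from typing import Dict, Tuple

# Constructed sample request, as a browser would send it over plain HTTP.
# On unsecured Wi-Fi every nearby host sees these bytes exactly as written.
SAMPLE_REQUEST = (
    "GET /inbox HTTP/1.1\r\n"
    "Host: mail.example.com\r\n"
    "User-Agent: Mozilla/5.0 (X11; Linux x86_64) Firefox/3.6\r\n"
    "Cookie: sessionid=c0ffee1234deadbeef; lang=en\r\n"
    "Accept: text/html\r\n"
    "\r\n"
)

# Header fields whose value is what the server uses to decide "who" is
# asking.  Whoever presents a copy of one of these is treated as that user.
IDENTITY_HEADERS = {"cookie", "authorization"}


def parse_request(raw: str) -> Tuple[str, str, Dict[str, str]]:
    """Split a raw HTTP/1.x request into method, path and a header dict.
    Header names are lower-cased because they are case-insensitive on the wire."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers


def parse_cookies(cookie_header: str) -> Dict[str, str]:
    """Split a Cookie header value such as 'a=1; b=2' into a dict."""
    cookies: Dict[str, str] = {}
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            cookies[name] = value
    return cookies


def identity_exposure(raw: str) -> Dict[str, str]:
    """Return the header fields of a plaintext request that carry the client's
    identity; over HTTP these are readable by any on-path observer."""
    _method, _path, headers = parse_request(raw)
    return {k: v for k, v in headers.items() if k in IDENTITY_HEADERS}


if __name__ == "__main__":
    method, path, headers = parse_request(SAMPLE_REQUEST)
    print(f"{method} {path}")
    for name, value in headers.items():
        tag = "IDENTITY" if name in IDENTITY_HEADERS else "        "
        print(f"  [{tag}] {name}: {value}")
```

The point of the classification is the one the slide makes: the envelope is readable, and the two fields marked IDENTITY are the ones whose plaintext exposure lets a reader of the envelope be mistaken for its sender.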
Sniffing
If you are using unsecured Wi-Fi, all the data sent between your PC and the router is available for anyone to read!
So if an attacker can sniff this data, he will be able to read the HTTP requests and responses.
Thus, he can deceive the server into identifying "him" as "you".
[Diagram: a sniffer reading HTTP traffic between Client and Server]

Sniffing
So if the attacker can read the ID that is uniquely given to each client,
he can forge an HTTP request, manually put your ID in it, and request pages from the server.
The server will identify "him" as "you" without any need to sign in again, because the requests carry your unique ID.
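From the server's side, the only thing that separates "him" from "you" is the ID, so one thing a site can do is watch for the same ID suddenly arriving from more than one client. The following added example (not code from the slides) runs that check over constructed access-log lines; the log format, the sessionid cookie name and the addresses are assumptions made for the example.

```python
"""Server-side detection of one session ID being presented by several
clients, the tell-tale of a hijacked session.  Added example with
constructed log lines; not code from the slides."""
import re
from collections import defaultdict
from typing import Dict, Optional, Set, Tuple

# Constructed access-log lines: client IP, session cookie, User-Agent, method, path.
SAMPLE_LOG = """\
10.0.0.12 sessionid=c0ffee1234deadbeef "Mozilla/5.0 (X11; Linux x86_64) Firefox/3.6" GET /inbox
10.0.0.12 sessionid=c0ffee1234deadbeef "Mozilla/5.0 (X11; Linux x86_64) Firefox/3.6" GET /inbox?page=2
10.0.0.77 sessionid=c0ffee1234deadbeef "Mozilla/5.0 (Windows NT 6.1) Firefox/3.6" GET /settings
10.0.0.31 sessionid=9a8b7c6d5e4f3a2b "Mozilla/5.0 (Macintosh) Safari/533" GET /inbox
"""

# Assumed log layout: ip sessionid=<id> "<user-agent>" <method> <path>
LINE_RE = re.compile(r'^(\S+) sessionid=(\S+) "([^"]*)" (\S+) (\S+)$')


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one log line; return None for lines that do not match the layout."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, sid, ua, method, path = m.groups()
    return {"ip": ip, "sid": sid, "ua": ua, "method": method, "path": path}


def clients_per_session(log_text: str) -> Dict[str, Set[Tuple[str, str]]]:
    """Map each session ID to the set of (ip, user-agent) pairs that used it."""
    clients: Dict[str, Set[Tuple[str, str]]] = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            clients[rec["sid"]].add((rec["ip"], rec["ua"]))
    return dict(clients)


def find_shared_sessions(log_text: str) -> Dict[str, Set[Tuple[str, str]]]:
    """Return only the session IDs that were presented by more than one client.
    Those are the sessions to invalidate and re-issue after re-authentication."""
    return {sid: c for sid, c in clients_per_session(log_text).items() if len(c) > 1}


if __name__ == "__main__":
    for sid, clients in find_shared_sessions(SAMPLE_LOG).items():
        print(f"session {sid} used by {len(clients)} distinct clients:")
        for ip, ua in sorted(clients):
            print(f"  {ip}  {ua}")
```

A changed address or browser can also be legitimate (a laptop moving between networks, a proxy), so the result is a signal to re-authenticate or invalidate the session, not proof of an attack; the real fix remains the one the slides give, which is not sending the ID in the clear at all.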
Firesheep
Firesheep is a Mozilla Firefox add-on.
It enables anyone to sniff HTTP headers on unsecured Wi-Fi and to access websites using others' identities.
It was downloaded more than 400,000 times in 5 days.
Google got 1 million searches about it in 10 days.
[Chart: Google Trends for "Firesheep"]
How to defend oneself
Once the add-on was released by Eric Butler, many wrote that the solution is to avoid unsecured Wi-Fi.
But Eric responded by making the reason behind releasing such an add-on clear:
ringing the bell about this issue with HTTP, and letting users know that the websites are NOT protecting them enough.

"Websites have a responsibility to protect the people who depend on their services. They've been ignoring this responsibility for too long, and it's time for everyone to demand a more secure web. My hope is that Firesheep will help the users win!"
Eric Butler
Live Demo! Firesheep in Action
The Real Solution!
The core problem is that HTTP exchanges requests and responses in plain text.
So the solution is to encrypt these requests and responses, as simple as that!
By using HTTPS, a much more secure version of the famous protocol, all exchanged data is protected from eavesdropping and sniffers.
[Diagram: encrypted HTTPS requests and responses between Client and Server]
What's stopping HTTPS?
The question in your head now is: why haven't websites protected their users by using HTTPS and making it the default?
Two main problems:
Encryption adds an intermediate step, which costs time and needs more processing power.
To use HTTPS, website owners must purchase certificates in order to be recognized globally as secure.

What's stopping HTTPS?
All of this adds cost to services that are provided to users for free.
So it is more of a trade-off between security and cost.
It is worth mentioning that Google started using HTTPS with many of its products, especially Gmail.
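The slides' answer is HTTPS; in practice a site enforces it at the edge rather than hoping every link uses the right scheme. The following added example (not code from the slides) expresses that policy as a small Python function: plain-HTTP requests are redirected to the HTTPS URL instead of being served, HTTPS responses get a Strict-Transport-Security header so the browser keeps using HTTPS afterwards, and session cookies are marked Secure and HttpOnly so they are never sent back over plain HTTP. The HSTS header and the cookie attributes go beyond what the slides mention; the function names, the host and the sample cookie are constructed.

```python
"""HTTPS-only enforcement at the server edge.  Added example; helper names,
host and cookie values are constructed, not taken from the slides."""
from typing import List, Tuple

Headers = List[Tuple[str, str]]

# One year, covering subdomains: the browser will rewrite future http://
# links to https:// itself instead of ever sending a plaintext request.
HSTS_VALUE = "max-age=31536000; includeSubDomains"


def harden_set_cookie(value: str) -> str:
    """Add Secure (cookie is only sent over HTTPS) and HttpOnly (cookie is not
    readable by page scripts) to a Set-Cookie value when they are missing."""
    attrs = [a.strip() for a in value.split(";") if a.strip()]
    present = {a.lower() for a in attrs}
    if "secure" not in present:
        attrs.append("Secure")
    if "httponly" not in present:
        attrs.append("HttpOnly")
    return "; ".join(attrs)


def serve_without_policy(scheme: str, host: str, path: str,
                         app_status: str, app_headers: Headers) -> Tuple[str, Headers]:
    """The weak behaviour: answer every request as the application would,
    over whichever scheme the client happened to use."""
    return app_status, list(app_headers)


def enforce_https(scheme: str, host: str, path: str,
                  app_status: str, app_headers: Headers) -> Tuple[str, Headers]:
    """Front an application response with an HTTPS-only policy.

    scheme/host/path describe the incoming request; app_status/app_headers are
    what the application would have answered.  Returns the status line and
    headers that are actually sent to the client."""
    if scheme != "https":
        # Plain-HTTP request: serve neither content nor cookies, just send the
        # client to the same URL over HTTPS.
        return "301 Moved Permanently", [("Location", f"https://{host}{path}")]
    out: Headers = []
    for name, value in app_headers:
        if name.lower() == "set-cookie":
            value = harden_set_cookie(value)
        out.append((name, value))
    out.append(("Strict-Transport-Security", HSTS_VALUE))
    return app_status, out


if __name__ == "__main__":
    app_reply = ("200 OK", [("Content-Type", "text/html"),
                            ("Set-Cookie", "sessionid=c0ffee1234deadbeef; Path=/")])
    for scheme in ("http", "https"):
        for policy in (serve_without_policy, enforce_https):
            status, headers = policy(scheme, "mail.example.com", "/inbox", *app_reply)
            print(f"{scheme:5} via {policy.__name__:22} -> {status} {headers}")
```

Run side by side, the weak version hands the session cookie out over plain HTTP, which is exactly the situation the Sniffing slides describe; the enforced version never does, and once the browser has seen the HSTS header it stops making plain-HTTP requests to the site on its own.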
Why isn't everyone using HTTPS?

Thank you, I hope you enjoyed the session!
twitter.com/mtantawy
www.mtantawy.com