Firesheep & HTTPS, Explained!
Firesheep & HTTPS. Only 90% of internet websites are unsecure! Presenter: Mahmoud Tantawy
WHOIS?! Mahmoud Tantawy, Ain Shams University, Faculty of Engineering, junior student at the Communication Systems Dept. Currently: DEVIGN Workshop Moderator
What makes the internet
What makes the internet: The internet is a global system of interconnected computer networks. It has servers and clients. Clients request a service or content from servers, and servers are machines powerful enough to serve many clients at once.
Protocols: Servers and clients need rules that govern how they talk to each other, a “protocol”. A protocol in general is a set of rules governing communication between two parties. HTTP, the Hyper-Text Transfer Protocol, is the most widely used protocol on the internet between clients (browsers) and servers.
[Diagram: HTTP requests and responses flowing between Client and Server]
HTTP Header: Servers and clients communicate using HTTP requests and responses. Each HTTP request and response has a “header”. The HTTP header carries data similar to what you would write on a letter’s envelope: who it is from, where it is going and how it should be handled.
HTTP Header: The HTTP header also carries enough information about you and your browser for the server to do its job, including the cookie that holds your session ID. Here lies the problem: all of this is sent as plain text. Anyone who can sniff it can present the same cookie to the server and make it believe that “he” is “you”!
Sniffing: If you are using open (unencrypted) Wi-Fi, everything sent between your PC and the access point can be read by anyone in radio range. An attacker who sniffs that traffic can read your HTTP requests and responses in full, and can therefore deceive the server into identifying “him” as “you”.
[Diagram: an attacker sniffing the HTTP exchange between Client and Server]
Sniffing: The server gives each logged-in client a unique session ID, and the browser sends it back in the Cookie header on every request. An attacker who can read that ID can craft an HTTP request of his own, put your ID in it and request pages from the server. The server will identify “him” as “you” without any sign-in, because the request carries your session ID and that is all the server checks.
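The two slides above (the plaintext Cookie header, and the replay of a sniffed session ID) are shown end to end in the following added example, which is not part of the slides and not Firesheep's own code. It runs a toy web application in-process: nothing touches the network, the "capture" bytes are constructed by hand to stand in for frames sniffed on open Wi-Fi, and the host names, paths and session IDs are made up for the demonstration.

```python
"""Added example, not part of the slides: the Firesheep idea replayed against a
toy, in-process web application. Nothing touches the network; the "capture"
bytes are constructed by hand to stand in for frames sniffed on open Wi-Fi, and
the host names, paths and session IDs are made up for the demonstration."""
import re
import secrets
from http.cookies import SimpleCookie


def parse_request(raw):
    """Split a raw HTTP/1.x request into method, path, lower-cased headers, body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, _ = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": path, "headers": headers, "body": body}


class ToySite:
    """A site that hands out a session ID at login and then trusts that ID alone."""

    def __init__(self):
        self.sessions = {}  # session id -> user name

    def login(self, user):
        sid = secrets.token_hex(8)
        self.sessions[sid] = user
        return f"HTTP/1.1 200 OK\r\nSet-Cookie: sid={sid}; Path=/\r\n\r\nwelcome"

    def handle(self, raw):
        """Serve one raw request; the only proof of identity is the sid cookie."""
        req = parse_request(raw)
        jar = SimpleCookie(req["headers"].get("cookie", ""))
        user = self.sessions.get(jar["sid"].value) if "sid" in jar else None
        if req["path"] == "/inbox" and user:
            return 200, f"inbox of {user}"
        return 401, "please log in"


# What Firesheep does: find plaintext HTTP requests in the capture, keep the cookies.
REQUEST_LINE = re.compile(rb"(?:GET|POST) \S+ HTTP/1\.[01]\r\n")


def extract_sessions(capture):
    """Return (host, Cookie header) for every plaintext request carrying a cookie.
    Bytes that are not HTTP, such as a TLS record, never match and are skipped."""
    found = []
    for m in REQUEST_LINE.finditer(capture):
        end = capture.find(b"\r\n\r\n", m.start())
        if end == -1:
            continue
        h = parse_request(capture[m.start():end + 4])["headers"]
        if "cookie" in h:
            found.append((h.get("host", "?"), h["cookie"]))
    return found


def forge_request(host, path, cookie_header):
    """Replay the stolen cookie in a request of the attacker's own."""
    return (f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
            f"Cookie: {cookie_header}\r\nUser-Agent: attacker\r\n\r\n").encode()


def demo():
    site = ToySite()
    # The victim logs in; a real site would do this step over HTTPS.
    sid = re.search(r"sid=([0-9a-f]+)", site.login("alice")).group(1)
    # She then opens her inbox over plain HTTP: this is what crosses the Wi-Fi.
    victim = (f"GET /inbox HTTP/1.1\r\nHost: mail.example\r\n"
              f"Cookie: sid={sid}\r\nUser-Agent: Firefox\r\n\r\n").encode()
    tls_record = b"\x16\x03\x03\x00\x05hello"  # constructed: opaque TLS bytes
    other = b"GET / HTTP/1.1\r\nHost: news.example\r\n\r\n"  # no cookie, ignored
    stolen = extract_sessions(tls_record + victim + other)
    host, cookie = stolen[0]
    status, body = site.handle(forge_request(host, "/inbox", cookie))
    return stolen, status, body


if __name__ == "__main__":
    print(demo())  # ([('mail.example', 'sid=...')], 200, 'inbox of alice')
```

The server never asks the attacker for a password: the forged request is accepted because the session cookie is the only credential it checks, and the same capture scanner finds nothing usable in the TLS bytes, which is the whole difference HTTPS makes.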
Firesheep
Firesheep is a Mozilla Firefox add-on. It lets anyone sniff HTTP headers on open Wi-Fi and use the captured cookies to access websites under other people’s identities. It was downloaded more than 400,000 times in 5 days, and Google saw 1 million searches for it in 10 days.
[Chart: Google Trends for “Firesheep”]
How to defend oneself: Once the add-on was released by Eric Butler, many wrote that the solution is to avoid unsecured Wi-Fi. Eric responded by making his reason for releasing the add-on clear: to ring the bell about this issue with HTTP and to let users know that websites are NOT protecting them enough.
"Websites have a responsibility to protect the people who depend on their services. They've been ignoring this responsibility for too long, and it's time for everyone to demand a more secure web. My hope is that Firesheep will help the users win!" Eric Butler
Live Demo! Firesheep in Action
The Real Solution! The core problem is that HTTP exchanges requests and responses in plain text. So the solution is to encrypt them: use HTTPS, which is HTTP carried over TLS (SSL), a much more secure version of the familiar protocol. Everything exchanged is then encrypted in transit, so an eavesdropper on the Wi-Fi sees only ciphertext. One caveat matters in practice: the site must use HTTPS for every request, not just the login page, and must mark the session cookie Secure; otherwise the browser still sends the cookie in the clear on the next http:// link, which is exactly the traffic Firesheep collected.
HTTPS
[Diagram: HTTPS between Client and Server]
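The slides' fix is HTTPS; whether it actually keeps the session cookie off the wire depends on a few response headers. The following added example (not part of the slides, and not code from any site mentioned) audits a raw HTTP response for those headers and models the one browser rule that decides whether a cookie is sent over http://. The two responses are constructed: a weak "HTTPS for login only" configuration and its hardened form. The cookie names treated as session cookies are an assumption for the demo.

```python
"""Added example, not part of the slides: an audit of the response headers that
decide whether a session cookie can ever cross the wire in the clear, run over
two constructed responses (a weak and a hardened one). Cookie names and values
are made up for the demonstration."""

# Cookie names treated as session cookies; an assumption for the demo.
SESSION_NAMES = {"sid", "sessionid", "phpsessid", "jsessionid"}


def parse_headers(raw_response):
    """Header block of a raw HTTP response as [(lower-name, value), ...].
    A list rather than a dict, because Set-Cookie legitimately repeats."""
    out = []
    for line in raw_response.split("\r\n")[1:]:  # skip the status line
        if not line:
            break  # blank line ends the headers
        name, _, value = line.partition(":")
        out.append((name.strip().lower(), value.strip()))
    return out


def parse_set_cookie(value):
    """'sid=7f3a9c; Path=/; Secure' -> ('sid', {'path', 'secure'})."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def browser_sends(set_cookie_value, request_scheme):
    """The browser rule that matters here: a Secure cookie goes out only over https."""
    _, attrs = parse_set_cookie(set_cookie_value)
    return request_scheme == "https" or "secure" not in attrs


def audit(scheme, raw_response, session_names=SESSION_NAMES):
    """Return the ways this response leaves the session exposed to a sniffer."""
    findings = []
    headers = parse_headers(raw_response)
    if scheme != "https":
        findings.append("served over plain HTTP: the Cookie header is readable by anyone on the network")
    elif not any(n == "strict-transport-security" for n, _ in headers):
        findings.append("no Strict-Transport-Security: the next http:// link or typed URL still goes out in the clear")
    for name, value in headers:
        if name != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(value)
        if cookie.lower() not in session_names:
            continue
        if "secure" not in attrs:
            findings.append(f"session cookie {cookie!r} lacks Secure: the browser will attach it to http:// requests too")
        if "httponly" not in attrs:
            findings.append(f"session cookie {cookie!r} lacks HttpOnly: readable by any script on the page")
    return findings


# Constructed responses: what a "HTTPS for login only" site sent in 2010, and the fix.
WEAK = ("HTTP/1.1 200 OK\r\n"
        "Set-Cookie: sid=7f3a9c; Path=/\r\n"
        "Content-Type: text/html\r\n\r\n<html>...")
HARDENED = ("HTTP/1.1 200 OK\r\n"
            "Set-Cookie: sid=7f3a9c; Path=/; Secure; HttpOnly\r\n"
            "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
            "Content-Type: text/html\r\n\r\n<html>...")

if __name__ == "__main__":
    for label, resp in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit("https", resp) or ["no findings"])
```

Serving the login page over HTTPS is not enough on its own: with the weak response the cookie has no Secure attribute, so `browser_sends` returns True for the next http:// request and the session ID crosses the Wi-Fi in plain text anyway. The hardened response closes that path (Secure), stops the browser from ever trying http:// again (HSTS) and keeps the cookie away from page scripts (HttpOnly).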
What’s stopping HTTPS: The question in your head now is: why haven’t websites protected their users by using HTTPS and making it the default? Two main problems: 1. Encryption adds a step, which costs time and processing power on every request. 2. To use HTTPS, a site’s owner must buy a certificate from a certificate authority so that browsers everywhere will mark the site as secure.
What’s stopping HTTPS: Both add costs to services that are offered to users for free, so it has been a trade-off between security and cost. It is worth mentioning that Google has started using HTTPS by default with many of its products, especially Gmail. (Both costs have since fallen: certificates are issued free of charge by Let's Encrypt, and TLS overhead is a small fraction of server load.)
[Chart: why isn’t everyone using HTTPS?]
Thank you, I hope you enjoyed the session! twitter.com/mtantawy www.mtantawy.com