Firesheep & HTTPS, Explained!

Firesheep & HTTPS: Only 90% of internet websites are unsecure!
Presenter: Mahmoud Tantawy

WHOIS?!
Mahmoud Tantawy, Ain Shams University, Faculty of Engineering. Junior student at the Communication Systems Dept. Currently: DEVIGN Workshop Moderator.

What makes the internet
The internet is a global network of interconnected computer networks. It has Servers & Clients: Clients request a service or content from the Servers, and Servers are special computers powerful enough to serve the Clients.

Protocols
Servers & Clients need some rules to control how they deal with each other: a “Protocol”. A protocol in general is a set of rules governing communication between two parties. HTTP, the Hyper-Text Transfer Protocol, is the most widely used protocol over the internet between Servers & Clients.
(Diagram slide: HTTP request and response between Client and Server.)

HTTP Header
Servers & Clients communicate using HTTP Requests & Responses. Each HTTP Request & Response has a “Header”. The HTTP Header carries data similar to what you would write on a letter’s envelope.
(Slide: example HTTP Header.)
The HTTP Header also carries enough information about you & your browser for the Server to do its job. Here lies the problem: this information about you is sent as plain text. If anyone can sniff this information, he can deceive the Server and make it think that “he” is “you”!!
(Slide: example HTTP Header.)

Sniffing
If you are using unsecured Wi-Fi, all the data sent between your PC & the router is available for anyone to read!! So if any attacker can sniff this data, he will be able to read the HTTP requests & responses, and thus deceive the Server into identifying “him” as “you”.
(Diagram slide: sniffing an HTTP exchange between Client and Server.)
So if the attacker can read the ID that is uniquely given to each Client, he can fake an HTTP request, manually put your ID in it & request pages from the Server. The Server will identify “him” as “you” without any need to sign in again, because the requests carry your unique ID.
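An added audit check, written for this page and not part of the original slides: it parses a captured HTTP request and response, finds the session cookie the slides call the “unique ID”, and reports whether it travelled in plaintext and whether the server’s Set-Cookie marked it Secure (which makes the browser send it only over HTTPS). The sample request, response, host and cookie names are constructed, and the name heuristic for session cookies is an assumption.

```python
import re

# Constructed sample capture (not from the slides): a plain-HTTP request that
# carries the user's session cookie, and the response that originally set it.
SAMPLE_REQUEST = (
    "GET /inbox HTTP/1.1\r\n"
    "Host: webmail.example.test\r\n"
    "User-Agent: Mozilla/5.0 (X11; Linux x86_64) Firefox/3.6\r\n"
    "Cookie: sessionid=deadbeef1234; lang=en\r\n"
    "\r\n"
)
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: sessionid=deadbeef1234; Path=/; HttpOnly\r\n"
    "Set-Cookie: lang=en; Path=/\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html>inbox</html>"
)
# Same response with the session cookie marked Secure: the browser then only sends it over HTTPS.
HARDENED_RESPONSE = SAMPLE_RESPONSE.replace(
    "sessionid=deadbeef1234; Path=/; HttpOnly",
    "sessionid=deadbeef1234; Path=/; Secure; HttpOnly",
)

# Heuristic (an assumption) for cookie names that usually carry the login session.
SESSION_COOKIE_HINT = re.compile(r"sess|sid|auth|token", re.IGNORECASE)


def parse_message(raw):
    """Split a raw HTTP message into (start_line, [(lower-cased name, value), ...]); body ignored."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        if not line:
            continue
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def request_cookies(headers):
    """Cookies the client attached to the request, as {name: value}."""
    cookies = {}
    for name, value in headers:
        if name != "cookie":
            continue
        for pair in value.split(";"):
            key, _, val = pair.strip().partition("=")
            if key:
                cookies[key] = val
    return cookies


def set_cookie_policies(headers):
    """Cookies the server set, as {name: {lower-cased attribute names}}."""
    policies = {}
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].partition("=")[0]
        policies[cookie_name] = {p.partition("=")[0].lower() for p in parts[1:] if p}
    return policies


def audit(request_raw, response_raw, scheme):
    """Findings for one captured exchange; `scheme` is "http" or "https" for the connection."""
    findings = []
    _, req_headers = parse_message(request_raw)
    _, resp_headers = parse_message(response_raw)
    policies = set_cookie_policies(resp_headers)
    for name in request_cookies(req_headers):
        if not SESSION_COOKIE_HINT.search(name):
            continue  # only the login-session cookie identifies "you" to the server
        if scheme == "http":
            findings.append(f"{name}: session cookie travelled in plaintext; "
                            "anyone sniffing the Wi-Fi can read it and be identified as you")
        attrs = policies.get(name)
        if attrs is not None and "secure" not in attrs:
            findings.append(f"{name}: Set-Cookie lacks the Secure attribute, so the "
                            "browser will also send it over plain HTTP")
    return findings
```

Running `audit(SAMPLE_REQUEST, SAMPLE_RESPONSE, "http")` reports both problems; the hardened response over HTTPS reports none.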
Firesheep
Firesheep is a Mozilla Firefox add-on. It enables anyone to sniff HTTP Headers on unsecured Wi-Fi & access websites using others’ identities. It was downloaded more than 400,000 times in 5 days, and Google got 1 million searches about it in 10 days.
(Slide: Google Trends for “Firesheep”.)

How to defend oneself
Once the add-on was released by “Eric Butler”, many wrote that the solution is avoiding unsecured Wi-Fi. But Eric responded by making clear the reason behind releasing such an add-on, which is ringing the bell about that issue with HTTP and letting users know that the websites are NOT protecting them enough.

"Websites have a responsibility to protect the people who depend on their services. They've been ignoring this responsibility for too long, and it's time for everyone to demand a more secure web. My hope is that Firesheep will help the users win!" (Eric Butler)

Live Demo! Firesheep in Action

The Real Solution!
The core problem is that HTTP exchanges requests & responses in plain text. So the solution is to encrypt these requests & responses, as simple as that! By using HTTPS, a much more secure version of the famous Protocol, all exchanged data will be protected from eavesdropping & sniffers.
(Diagram slide: HTTPS exchange between Client and Server.)

What’s stopping HTTPS
The question in your head now is: why haven’t the websites protected their users by utilizing HTTPS & making it the default? 2 main problems:
Encryption adds an intermediate step, which adds time & needs more processing power.
To use HTTPS, websites’ owners must purchase certificates to be marked globally as secure.
These all add costs to services that are provided to users for free, so it is more of a trade-off between security & cost. It is worth mentioning that Google started using HTTPS with many of its products, especially Gmail.

Why isn’t everyone using HTTPS?

Thank you, I hope you enjoyed the session! twitter.com/mtantawy www.mtantawy.com