Activity: Talk or presentation types › Talk or presentation (not at a conference) › Academic
Description
Logging in to websites is common. However, it wasn't always secure, as FireSheep showed dramatically in 2010. A malicious agent could simply eavesdrop on WiFi traffic and steal credentials of logged-in users. In response to FireSheep, major websites fixed their login security. However, it remains unclear whether others followed suit. Investigating this scientifically is fraught with challenges: acquiring passwords, automating logins on unknown websites, etc.
In this talk, we present Shepherd, the result of a 2-year engineering effort to automate website logins. Moreover, we will present and discuss the results of a security scan with Shepherd, which showed that out of 7,113 sites where login was successful, 2,417 (34%) are still vulnerable to some variant of the FireSheep attack.