Home Sweet Home
Friday 3rd August, 2007 20:23 Comments: 2
It's nice to have an internet connection again. The hotel I was recently staying at had such poor internet access (unreliable, slow DHCP, lots of retransmissions) that I was going online using my mobile... at a stunning 9.6kbps (a fraction of 56k modem speeds, and an even smaller fraction of the connection I'm currently using).
I hate to say it, but I'm getting into Facebook. It's all Caz's fault, she told me to join it a while back but I only signed up the other day, and now I'm catching up with lots of old friends from uni (well, I'm reading what they're up to, I'll send them messages at some point). I'm not usually a fan of these sorts of sites, but this one has me interested. Yamahito has also been talking about their RSS feeds, which they've just introduced. All sites should have RSS feeds. RSS is great.
While I was away, I noticed an article on The Register about a presentation at Black Hat. The presentation was basically about session hijacking, a well known threat. The difference was that they were pushing how easy and insecure it is to hijack sessions when someone is reading their Google Mail (or Gmail if you're not in the UK) over a public wireless access point. Even when they use SSL! Yes, that bit caught my attention too, but it turns out they didn't find a weakness in SSL, the problem is (like most popular sites) the username and password is sent over HTTPS but the rest of the user's browsing is done over HTTP with the session cookie passed in the clear. Once someone sniffs your cookies, they can generally perform session hijacking with most web sites. The reason why it's fairly low profile is because most people connect to the internet through a load of cables and switches, which makes it difficult to sniff the HTTP data. The moral of this story? Never trust public wireless access points. If you decide to use one, you should never use HTTP to do anything important like check your email. Personally, I tend to use wireless access points to connect to another machine (or two) that I have on the internet using Remote Desktop (which, by the way, can easily be configured to use SSL to avoid Man In The Middle attacks), and then do anything important on there.
Double eviction on Big Brother tonight! Who else is excited? Oh, just me? I suspect it'll be Shanessa and David that get evicted tonight. I hope it's them.
The Simpsons Movie is a lot better than I expected it to be, it almost makes up for how poor seasons 16 and 17 were. Almost.
I hate to say it, but I'm getting into Facebook. It's all Caz's fault, she told me to join it a while back but I only signed up the other day, and now I'm catching up with lots of old friends from uni (well, I'm reading what they're up to, I'll send them messages at some point). I'm not usually a fan of these sorts of sites, but this one has me interested. Yamahito has also been talking about their RSS feeds, which they've just introduced. All sites should have RSS feeds. RSS is great.
While I was away, I noticed an article on The Register about a presentation at Black Hat. The presentation was basically about session hijacking, a well known threat. The difference was that they were pushing how easy and insecure it is to hijack sessions when someone is reading their Google Mail (or Gmail if you're not in the UK) over a public wireless access point. Even when they use SSL! Yes, that bit caught my attention too, but it turns out they didn't find a weakness in SSL, the problem is (like most popular sites) the username and password is sent over HTTPS but the rest of the user's browsing is done over HTTP with the session cookie passed in the clear. Once someone sniffs your cookies, they can generally perform session hijacking with most web sites. The reason why it's fairly low profile is because most people connect to the internet through a load of cables and switches, which makes it difficult to sniff the HTTP data. The moral of this story? Never trust public wireless access points. If you decide to use one, you should never use HTTP to do anything important like check your email. Personally, I tend to use wireless access points to connect to another machine (or two) that I have on the internet using Remote Desktop (which, by the way, can easily be configured to use SSL to avoid Man In The Middle attacks), and then do anything important on there.
Double eviction on Big Brother tonight! Who else is excited? Oh, just me? I suspect it'll be Shanessa and David that get evicted tonight. I hope it's them.
The Simpsons Movie is a lot better than I expected it to be, it almost makes up for how poor seasons 16 and 17 were. Almost.
Fab - Friday 3rd August, 2007 23:09 Yeah Facebook is pretty addictive. I went and joined it recently. You will find a request from me.
There is one thing I miss though: running water, and water that's safe to drink out of the tap. It seems that the water's stopped again at my parents' house, which I'm currently staying at for the weekend, but even if it were running I'd have to boil it before I can drink it. We're slowly using up the bottles of water in the kitchen, hopefully things will be back up and running for them sometime next week.