I've talked to a few security people and regular IT folks about the FireSheep tool, and I've also read a few discussions about it. Some have called its author irresponsible, some guilty, etc.
In a narrow-minded but broad categorization, we could lump the authors of Wireshark, tcpdump, or [insert sniffing tool here] in with the "guilty" parties. These tools can do the same thing. To keep the conversation...uh...focused we won't mention tools like Metasploit or even Nmap.
I know this makes it more "accessible" to the common wanna-be attacker, but when are we going to stop using the "skills" gap argument? Do other physical security professionals rely on "skills" gap to protect them, or do they address the issues?
I dunno, innocent or guilty, a light has been pointed into a dark corner and now people are taking notice. If a constant drone of security professionals encouraging the companies to fix the issue isn't enough, then the attention from this will be (or should be).