Showing posts with label software. Show all posts

Tuesday, July 12, 2011

HideMyAss VPN Review - 95% of Network Fast Enough for Streaming High Def!

I came across a really well done VPN review on HideMyAss.  The folks over at VPNandUsenetReviews.com did an amazing job on an in-depth review of the HMA VPN software and service, including a full test. 
They did such a good job they documented just about everything in the software, and then went off and did a full speed test.  But they didn't stop there, they actually did some math on the results and produced some real conclusions!  Amazing...


The basic conclusion is that HMA has a really fast network.  Over 95% of it can support speeds suitable for streaming high def.  Even if you accept some of the highest measures of speeds required, over 70% of the HMA VPN network still meets the requirements.  Pretty cool when you consider it's only $11.52/mo.

The in-depth review includes screenshots of almost all the HMA features in their VPN client software.  It also includes all the speed test results from the 20 something countries that HMA offers.  







Have a look at all the screenshots of the software and the full test here.

Personally I like both VyprVPN and HMA for VPN service and VPN clients.  I think either one is an excellent choice.  They both end up highly ranked over at that site too for obvious reasons (price, features, performance, etc.)

Saturday, January 15, 2011

Sharepod - Say Goodbye to iTunes and Copy your Music

Sharepod is free software to change, backup, and share the music on your iPod.
Drop iTunes.  It's a piece of crap.  It's so bloated I don't even think "Beat the Bloat" could solve the problem.
 Get with the times and check out Sharepod.  For one thing, the footprint is tiny.  Oh, and by the way, you can backup, copy, and share ANY music on ANY iPod. 

If ever there was a reason to dislike Apple, and/or Apple software, that reason is iTunes.  Unfortunately there are so many people that use this PoS, trying to get people to switch is damn near impossible.  iTunes is on version 10.x these days, and it still sucks mightily.  +100mb install file?  Yeah iTunes has that.  Persistent processes in the background, regardless of whether an iDevice is plugged in?  Yeah iTunes has that.  A totally retarded sync process? Yeah iTunes has that too.  Hangups during "verification"?  Oh yeah baby, iTunes is all over that.  Application lag on ultra-fast core i7 machines?  Aww yeah, iTunes for the win!
 So just kick the habit.  I know it's hard.  I know a bunch of you have iPods and are used to dealing with the hassle that is iTunes.  I won't even get into the iPhone, because without iTunes you can't even activate the damn thing (unless you do it in store, or elsewhere).  Still, there's no reason why you shouldn't check out Sharepod.

Hell, at least use it to copy/backup/share the music on your iPod.  That's something iTunes will NEVER do.  Throw your iPod down, connect the cable, and start the share love.  Friend comes over to your pad with sweet tunes on their iPhone/iPod?  Backup that shiat!  Get your SHARE ON, and spread the love amongst the people.  Get Sharepod!   

Monday, January 3, 2011

10 Great Android Apps - MORE Shit You Totally Need

Another list of 10 NEW highly recommended and totally FREE Android Apps that you totally need.

Following up on my previous post, 10 Great Android Apps - Shit You Totally Need, we have a whole NEW list of another 10 Android Apps -  MORE Shit You Totally Need!

As another belated Christmas gift to yourself, I offer you even MORE shit you totally need.  All FREE!  This isn't some NYTimes best apps of 2010 puff piece.  This article, and my last one, are actually full of QUALITY FREE APPS.  I swear to god, if I see another new article peddling the same crappy pay apps (that they most likely get paid to promote), I'm going to send the author and the editor a rage comic on the subject. 

Oh, and if you're really hard up from Christmas, because all you got was a fruitcake and an ugly sweater, I suggest you also browse my list of Top 10 Android FREE Live Wallpapers!

Handcent SMS
The stock SMS/MMS for Android 2.2 is "meh".  Handcent is "aww yeah baby".  New styles, additional themes, customization, font packs, colors - more settings than you can shake a stick at.  Hell, it can even make your SMS look like the iPhone with "the bubbles".  Some girl I met at a bar described the messaging that way when she saw it, "Oh that has the iPhone bubbles".  LOL.  Seriously though, it's a killer app and a definite improvement over the stock version.  Free.

Liquor Run Mobile
This little app comes in handy more often than you would think!  It lists all the liquor stores near you (or anywhere in general).  Plus it has cocktail mixing directions and tons of other features.  The mascot is perhaps the coolest part though, it's a bottle of booze running.  Who couldn't love that mascot?  I want a t-shirt with him on it.  Free.  

AppBrain App Market
Although similar to the Android Marketplace, this is definitely superior to Google's stock offering.  There are more ways to sort, search, and filter.  You'll find a lot more cool apps through this market than you will in the stock marketplace - guaranteed.  Install it.  Free.

Winamp
The original badass MP3 player is available on Android.  And yes, IT REALLY WHIPS THE LLAMA'S ASS!  This is probably the best free player out there.  Plus it will sync with your desktop version of Winamp (if you so choose).  All in all a really great player and big improvement on the stock media player.  Free.  

App2SD
Since Android isn't gay, like some of its competitors...it allows you to install Apps to your microSD card.  This is really nice and ultimately allows you to install tons and tons of apps.  However, it's tough to know which apps support this feature of running on SD (not all do).  Furthermore, you have to do it by hand - individually.  SUCKS.  But this little app solves all that.  It searches your phone apps, finds which ones can be moved to SD, and helps you move them more efficiently.  Free.

GTunes Music
GTunes is kind of like Google, for music.  Search, and download.  It's that easy.  It will let you preview before you download too.  The app also has charts for billboard, specific genres, and countries around the world.  So if you're just looking for some 'Pop', hit up the chart, and start searching.  Downloads MP3's right to the phone.  Somehow I don't think the walled garden is down with that...so jump that wall, sucka!  Free.

PageOnce Travel
I did an earlier article, awhile back, on a head to head comparison of PageOnce Travel and TripIt.  Both apps rock, and both apps make this list.  PageOnce is still slightly ahead because it offers free flight status updates.  In addition to this handy feature it auto-creates your trips from your accounts.  Very nice to have for anyone who travels, even if it isn't that frequent.  Free.

TripIt
TripIt is still a badass app, and it sure as hell ain't no slouch when it comes to travel organization.  Now that it can auto-create trips from confirmations sent to your Gmail account, it's taking big steps forward.  It also handles things like dinner reservations, special events, etc. etc.  I run both PageOnce Travel and TripIt, and you should too.  Don't get caught at the airport or the hotel without your confirmation number.  You're holding up the damn line!  Free.


XBMC Remote
Ok, so first off, if you don't have XBMC...you should.  God knows you have a ton of media on your computer(s).  Music, Pictures, Video, Movies, TV Shows - I know you have it.  Install XBMC, get a media library, and watch your content like a pro.  Impress your friends.  Find a nerdy girl and get her on your couch.  Then, pull out your phone and use it as the remote.  Aw yeah, baby...that's right.  My full review is here.  Free.

ADW Launcher
This is the beginnings of full customization of your Android phone (minus a custom rom, of course).  ADW, and its array of themes + customization give you complete control over the look and feel of the phone.  Change the drawer, change the icons, change the status displays, change it all.  There really isn't a limit once you get ADW Launcher going.  Which is very easy.  Download, install, find a theme, and use it.  Then hit your home button.  Done.  Free.  (maybe in the future I'll do a full howto on this...)






So there you go.  10 Great Android Apps - MORE Shit You Totally Need.  Combined with my last list, that's 20 FREE and HIGH QUALITY Apps for Android.  The best part is, I didn't have to sell out to write these lists, nor did I have to study Journalism in college and suckup to some loser in a turtle neck.  New York Times, USA Today, Wall Street Journal - I'm looking at you fools.  Your app lists suck.  Mine do not.  Stoneycase - 2, MSM - 0. 

Monday, December 27, 2010

10 Great Android Apps - Shit You Totally Need

A list of 10 highly recommended and totally FREE Android Apps that you totally need.

Now that Christmas is over, I'm sure you didn't get everything you wanted!  So, why not treat yourself to some cool new Android apps that don't cost a dime?

Below is a list of 10 Great Android Apps, all totally FREE.  This is shit you totally need.
Each app has a link to the AppBrain market so you can download it to your computer, or you can just navigate to the app in the market on your phone.  Screen grabs are included and the descriptions should do a decent job of telling you why that app is SHIT YOU TOTALLY NEED!

VLC Stream & Convert
I've posted on this awesome app quite a few times, so it's obvious I would put it on this list.  Stream HD/SD/MP3 from your computer to your phone.  Over Wifi/3G/4G.  Convert files for playing on your phone.  Use your phone as a remote control for VLC (i.e. control the computer's VLC from your phone).  It's badass.  Free version and paid version.
VLC S&C is the king of streaming

Streaming a 720p MKV file to phone via 3G

Pandora
Have you been hiding under a fucking rock?  Download this app and listen to music.  Enter info to create a channel (like a song name, artist, genre, etc.).  Listen to music on that channel.  It's kind of like being able to create your XM radio channels.  Be careful with their updates though...sometimes shit breaks.  Check the comments before updating this app.  I'm still running an old version, but it seems like their latest fixed a bunch of bugs.  Free application.  Free and paid subscriptions available. 

NextApp System Panel
Best app utility out there for Android.  Check running tasks.  Kill tasks.  View processor, memory, and network usage.  Collect device performance history in easy to read graphs.  View the Top Apps utilizing processor power.  Shows you tasks running that even Froyo won't show you.  Free.


BatStat Battery Widget
Great widget for one of your home screens.  Get percent readout on battery life, temperature, and voltage.  Very accurate.  Very easy to use.  Minimal footprint.  Does not drain battery.  Beware of other impostors, they will drain your battery! (kind of ironic when you think about it...) Free.
BatStat is next to the Airplane Widget

Pageonce
Display all of your "accounts" in one easy to read screen.  Financial - like banking, savings, investing, etc.  Bills - like comcast, att, sprint, etc.  Subscriptions - like Netflix, etc.  They just put out a big update for their Android app and changed the look and feel.  Nice upgrade.  You need this.  Free and paid version.  Edit to add:  A lot of people are commenting on this...so some extra info for those interested:  1 - you enter the account info using the website, primarily.  Account numbers are not displayed in the phone, just balances and pertinent particulars (cell minutes remaining, bill due date, recent transactions, outstanding balance, etc.)  2 - you can't access accounts or manipulate accounts from the phone (or the website).  In other words, you can't transfer funds, change passwords, change address, etc. etc.  It only displays info - no controls offered.  3 - you can put a special password for the app itself, which can be diff than your phone password.  you can also allow/deny access to the phone using the pageonce website.  All in all, unless you consider the ability to view your account balances a significant security risk, there really isn't much reason to worry.  

Youmail
Visual voicemail.  Customize answering messages by contact, or by contact groups.  Manage your voicemail via the web.  Very easy to use, very easy to setup.  Free and paid version.

TV.com
Watch TV for free on the phone from CBS.  It's one provider only, but the offering is good, and the quality is good.  Full episodes, live TV and clips.  Free.

ASTRO File Manager
Best file and folder manager out there for Android.  View files/folders over the network.  Has a great image viewer for viewing large picture galleries.  Lets you basically treat the phone SD card and memory like Windows Explorer.  Free.

JamBase
View shows and artists going on in your area.  Add a list of your favorite artists, see when they play next.  Use the locator to see what's going on around you.  Learn about the show, venue, artist and even buy tickets.  Very easy to use.  Free.

ShootMe (Screen Grabber)
Take screenshots of your phone.  Turn on the app and shake the phone.  Presto - screenshot.  Saves the pictures to a folder on your SD card.  Very easy to use.  It's how I make screenshots for this blog.  Free.


So that's it, 10 Great Android Apps to get yourself as a post-christmas gift.  The best part is everything is totally FREE.  Look for another installment of Android Apps - Shit You TOTALLY Need coming in the near future!

Thursday, November 11, 2010

Free Internet TV - How to Watch TV for Free (with Sports!)

This post will cover how to watch TV for free over the internet, including your favorite sports!

More and more people are watching multimedia content online.  It's only natural that content traditionally found on "TV" finds its way to the internet.

However, for the most part, the television industry is fighting this expansion.  Large cable providers do not want to lose subscribers to the internet.  Studios and content owners don't want their shows and material available free via 3rd party.  Advertisers are concerned that they aren't getting enough exposure due to these losses.  What's all this add up to?  It's really not that easy to find TV for free on the internet.

I'll try to fix that for you now.  

First off, some basic software you should be aware of:

Hulu - This is probably the best known and most popular way of getting TV over the web.  Hulu recently added a paid subscription tier to its service.  This highlights my above comments, studios want money for their shows being played online.  Hulu had to institute a paid service tier in order to continue operating, and to be able to continue serving "premium" content (i.e. new shows).  Some people may or may not know that Hulu Desktop software exists and works quite well.  Try it!  You can even use your TV remote control.  (I'll cover that setup in another post later on)
Hulu Desktop Software
XBMC - This software has been around since the first XBOX.  This is a great way to organize and play all of your existing TV content on your TV.  Simply hookup your TV to your computer, install XBMC, and it will auto-create a library of movies and TV that you have on your computer.   This software really shines for anyone who already has an existing library of movies, tv, pictures, and/or music.  Myself, I have over 4TB of content that XBMC serves up nicely on my plasma tv.  You can't go wrong with XBMC.
XBMC TV Library Screenshot

Boxee - This software is an offshoot of XBMC, but it has a more "friendly" feel.  Boxee also contains what I like to call a "TV Scraper".  It has a library of all the available TV online.  You can watch TV from Hulu, Comedy Central, USA, etc.  If it's available from the provider online, it gets scraped up and added to Boxee's library.  So instead of just being able to watch what Hulu has available, you can also watch, say Comedy Central, via one easy to use interface.  Boxee, much like XBMC will also organize and play any existing content you already have saved as well.  Boxee also recently released a set-top box.
Boxee TV Library Screenshot

Now for some free websites that show TV online, including sports!

MyPremiumTV - This website has limited channels and plays a lot of overseas/international.  However, you can almost always find big sporting events in the US on one of the channels.  This could include NFL, MLB, NBA, etc.  For example, most Sundays, some NFL games will be shown.  The website is very friendly and does not do a lot of crazy pop-up advertisements.  You can also go full screen, and the quality of the video is pretty good.



HackedCableTV - This website is somewhat more difficult to navigate, but it has a lot of channels.  It also plays sports as well, in addition to movies, and regular channels such as TNT, TBS, Syfy, etc.  There is international programming available too.  This site tends to take a "scraper" approach, which means if there is more than one source for a particular feed/channel, it will list them (source #1, source #2, etc.). 


FromSport  - This website focuses exclusively on sports.  It covers all kinds of sports as well, not just north american.  In addition to american football and baseball, you can also find cricket, rugby, and other sports available to watch.  Many times HackedCableTV will actually be linking to FromSport.  Overall quality and speed is very good, however you may find that some sources are better than others. 


That's it for now!  Do you have any other free TV sources online that you would like to share?  Post 'em in the comments and I'll add them to this post!  Also, what are your thoughts on bogarting TV via online sources?  Piracy?  Doing what has to be done?  Saving $100's every month on the cable bill?  Trying to teach the industry that most of us don't want to pay for channels we don't need?  Making the set-top box obsolete?
 
reader submitted:
Justin.TV - This is a good site, and good suggestion!  Other users, around the world, host TV stations for anyone to watch.  The TV stations can be regular "TV", or even a webcam show.  You can find all kinds of good content on here, on a pretty regular basis.  Quality tends to vary, as each user controls what they host.  I have used this a little bit myself, but I often find good sports games (like NFL) get turned off fairly quickly. (thanks to Planet Ben and MarcABlax for this submission!)

Filmon - Another great reader submission!  This is a site I hadn't tried before, but I was immediately impressed with the ease of use and quality of the channels.  You can find major networks like KTLA (that's local Los Angeles), NBC HD, CBS, Bloomberg, and even a few international channels.  All told there are about 30 channels or so (including 2 XXX channels!), which is pretty good for a single site.  I would definitely recommend taking a look at this site for its quality, ease of use, and fast load times.  It looks like it used to be a pay service, but once they were sued in US court they decided to go all FREE! Their bread and butter seems to be the re-broadcast of free HD-OTA (over-the-air) channels, hence KTLA, KCAL, KTTV, etc.  (thanks to Telia Tuli for this submission! note: he mentions the pending court case)

HackedCableTV - Alright, we got the site owner reading and commenting! Very glad to see that.  Thank you for your support!  He mentions an important note that should be passed along:  a lot of these sites, like Hulu, Filmon, etc will tailor their offering to the country you live in.  For example, without a US ip address, Hulu is a no-go.  Filmon has both UK and US feeds, and tailors them based on ip.  So try changing your ip address!  Also, definitely head over to HackedCableTV.com, it's a great site, and it does a damn fine job of putting together all the tv available on the web.  A great one-stop-shop for internet tv.  

Fancast - This is an offering from Comcast that was launched earlier in 2008.  This was submitted to me by a friend who, like me, does not have regular CableTV.  You do not have to be a Comcast customer to watch TV and movies offered by Fancast, however some of the content is locked and available only for current Comcast customers.  For example, HBO content is offered, but only for customers with HBO subscription.  Also, mainstream shows are offered like Lopez Tonight, but only for comcast customers with existing cable subscriptions.  So, it just depends on whether the free tv is enough for you.  Quality is as good as Hulu, and the programming is as you would expect (new shows like Burn Notice, Bones, etc.).  

ATDHE.net - Another reader submission! Woohoo!  This is also a new one for me, and appears to be primarily sports, which is pretty cool.  I see sports listed from all over the world, including the major North American sports like NBA, Hockey, etc.  They also have the NFL Network! Big plus there.  In addition to the sports channels they have about 12-15 "regular" channels.  These include show driven channels, like The Simpsons, South Park, and Frasier.  This site also has what looks to be some PPV action, with UFC and WWE channels.  All in all, a pretty good site.  Quality of the channels varies, but overall it is pretty good.  Load times are quick, and pop-ups/advertisements are limited.  (thanks to DDX for this submission!)

MyP2P.eu - And the reader submissions just keep on coming!  MyP2P advertises on the banner for MyPremium, and this is one I have tried before.  However, I am not a "huge" fan due to the software requirements needed to watch some of the programming.  Without getting too much into detail, this site is really not bad, and plays both Live TV as well as Live Sports from around the globe.  You can search by country, or by sport.  There are music, entertainment, and kids channels as well.  Overall, MyP2P has one of the largest channel listings of all the internet TV sites.  It is fairly easy to navigate as well.  Just be careful of the software like sopcast, etc etc that may be needed.  You may also end up with problems streaming to Win Media Player too...Personally, I think it's easiest when they just use Flash, but YMMV.  Still, this is a good site, with tons of good content - both TV and sports.  Definitely check it out and decide for yourself.  (thanks to DDX for this great submission as well!)



note:  I am not necessarily endorsing stealing TV via online sources.  I am not a lawyer.  Some of these sources may be more legitimate than others.  As for me, I don't have cable TV and catch all my NFL (as well as the recent MLB World Series) via these sources. YMMV. 

hint:  try these websites out on your PHONE!  3G is typically decent enough, though obviously wifi or 4G is better.  also, make sure your phone supports Flash (sorry walled gardeners...) you can even go fullscreen on the phone!

hint:  for those of you outside the US, you will need to change/disguise your IP address in order to access sites like Hulu.  yes, this even includes the canadians.  here is an excellent list of proxies by country, enjoy!

Monday, November 8, 2010

How to Beat Firesheep - Secure Open Wifi (Part 3)

This is Part 3 of the Firesheep series, How to Beat Firesheep.  Part 1 introduced the tool and the attack, Part 2 talked about the seriousness of the vulnerability.   
Part 3 will tell you how to beat Firesheep.
Let's drop in a lil napalm and cook 'em down!
First, let's set up some basic ground rules:
  • We all know you're going to be on Open Wifi at some point, so telling you "get off open wifi" is retarded
  • The problem is essentially owned by the website operators, not the Wifi operators.  The issue is HTTP cookies, and the ability to session-hijack, not the ability to login to a Wifi access point at Starmucks.
  • Sites that are vulnerable to this attack today may not be vulnerable tomorrow, however, there will always be sites that are vulnerable, therefore it is important to at least try and browse securely while on Open Wifi
Some of these solutions will be geared toward the technically savvy.  Some of them will be easy.  Some of them may require that you pay money.  Overall, I think at least one of these solutions will work for everyone.

 Let's get started.
  1. Secure your browsing on the Open Wifi by using VPN.  This is by far the most effective and best way of solving the problem.  This will encrypt all of your traffic on the wifi network and defeat anyone trying to use Firesheep against you.  It can however cause you to spend a few bucks.  Solutions like VyprVPN are perfect for solving the session-hijack problem.  See my earlier review on VyprVPN here (figures it would come in handy!)  quick note: VyprVPN is included free in Giganews subscriptions.
  2. Secure your browsing on the Open Wifi by using SSH.  This is very similar to using a VPN, except I would consider it much more difficult to setup.  Essentially it provides the same benefit, an encrypted connection. Lifehacker did a good tutorial awhile back on setting up a free SSH server using your home computer here.  Cygwin and OpenSSH are essentially the solutions here, but beware, setup is perhaps not for the faint of heart.  Ducks need not apply.     
  3. Utilize SSL versions of websites (HTTPS rather than HTTP).  This is easy.  Many websites have HTTPS versions, even Facebook.  However there is a major drawback:  often times while browsing you will inadvertently switch back to HTTP.  Try that Facebook link, then click around - see the problem?  You're switching from HTTPS to HTTP in a heartbeat.  This solution is easy, but perhaps less than ideal, and not very effective.
  4. Install Firefox addons that will automatically direct you to HTTPS website versions.  Two options are:  HTTPS Everywhere and Force-TLS.   This is also easy, and it will solve the problem of having to remember to type "HTTPS", or change your bookmarks.  The addon will automatically direct you to the secure version of the site.  Of course this still suffers from the same problem as #3, websites will easily switch you from HTTPS to HTTP, and is therefore still problematic.
  5. Use the "Blacksheep" addon. Blacksheep is a firefox addon that will supposedly scan the Open Wifi you are on and determine if anyone is running Firesheep on it.  So, if you see a return, then at least you are aware of what's going on, and can hopefully take the necessary precautions.  Still this does not solve the problem, it only makes you aware of the potential danger.  Blacksheep does tell you the IP address of the attacker though.  But if you're sitting in Starmucks, this may mean all you can do is yell out "Hey 192.168.0.XXX, you SMOKE POLE!"  There is another drawback to this too - you don't need Firesheep to conduct this type of attack (Wireshark + WinPCap = Win).  So although Blacksheep may detect Firesheep, it does not solve the session-hijack problem.  The other issue here is this software is newly released, which could mean a back-and-forth between the "sheep".  (fix, counter, fix, counter)
  6. Use a Mifi/Cellular Modem/Hotspot type device.  I think every major cellular provider in North America sells these things.  Some of them are just USB sticks you plug into the computer.  In other cases, you can tether your phone to the laptop.  The problem here is this costs money, a lot of money, and is tantamount to saying "don't use Open Wifi".  Not an ideal solution, although it is effective at solving the problem. 
  7. Use Fireshepherd.  This is a brand new piece of software designed specifically to combat Firesheep.  It is not an addon like Blacksheep.  Fireshepherd periodically sends out a stream of garbage that is intended to screw up or crash Firesheep.  YMMV with this software.  So far I have not read any reviews or done extensive tests myself.  As I said, it's brand new.  The other potential drawback is that this, like Blacksheep, does not apply to the actual root problem of session-hijacking.  In other words, this may be another solution to the Firesheep issue, but not a solution to the session-hijacking problem.  This is also vulnerable to the same tit-for-tat as Blacksheep.   
  8. On a Mac? Try Meerkat.  This is basically setting up SSH for your Mac, but Meerkat makes it a little easier.  Of course, Meerkat costs money.  There is a very good guide that deals with the entire Meerkat setup process here.  Remember, OpenSSH is installed in Mac OS X by default.  However, you still are going to deal with setup though, and again, that depends on whether you're a duck or not...
Warning from Blacksheep that Firesheep is active on your network
What are the other pundits saying?  Most of them are going with VPN as the best solution, including the Firesheep developer himself.  Hey, if Harvard recommends VPN, there must be something to it, right? 
I heard these people were smart
I would honestly recommend people look into a secure service like VyprVPN.  Cost is minimal and benefits are great.  Especially if you are conducting "work" over open Wifi, or if you are spending time on social, financial, or other private sites.  Consider it your own little private encrypted tunnel on an otherwise open network.  I have no problem endorsing VyprVPN as an ideal solution that will keep you on Open Wifi, but keep you safe from kiddies session-hijacking your logins (VPN solves a number of other security concerns as well).  As I mentioned in my earlier review, this service also comes free with Giganews, so if you're already on Usenet, now may be the time to look at Giganews.  

VyprVPN Personal VPN lets you browse securely

I figure it's also worth mentioning solutions that are NO GOOD.  In other words, these will NOT WORK.
  • Using Tor.  Tor will not solve your problems.  In fact, if the owner of the exit node is running Firesheep, you just got pwned, hard.  Even the Firesheep developer thinks using Tor is a bad idea.
  • Enable WPA2 and tell yourself "it's all good now".  Sure, you've done good, but you can still get pwned, pretty hard.  ARP poisoning and DNS spoofing take a little bit more tech savvy, but software exists to conduct those attacks as well - on either a wireless WPA2 network, or a wired network.  Google: Cain and Abel.  
  • Using a VPN or SSH tunnel you don't know and trust.  This is bad, mmkay?  You just pushed the problem off to that exit connection.  Since you don't know anything about it, and clearly can't trust it...you're basically asking for trouble.  "Use VPN" is good, but just blindly using whatever VPN is not - get it? 
As you can see from the above, the solutions basically come in two flavors:
  • Encrypt all of your communications on the wireless network (VPN, SSH, Meerkat, etc)
  • Encrypt the communications with the particular website (HTTPS, Addons, etc.)

Both of these flavors have one thing in common: encryption.  If you don't know, now you know. 

BTW, if you are running Firesheep for whatever purpose, be aware that Microshaft is detecting it as a "virus/malware".  I lol'd.  Another BTW, if you are using the standard Windows antivirus/antimalware you should seriously consider upgrading to an alternative.
Getting pwned by script kiddies is bad, mmmkay?

Saturday, November 6, 2010

Attack Clients on Open Wifi - Firesheep (Part 2)

Looks like the 15 minutes of fame for Firesheep is getting extended...

Sites you can pwn using Firesheep:
  • Facebook
  • Twitter
  • Flickr
  • Yahoo! Mail
  • Windows Live
  • Hotmail
  • Google.com (not GMail)
  • Slashdot
  • Amazon
  • Newegg
  • Home Depot
  • United Airlines
  • Office Max
  • Wordpress (when not using their optional SSL)
  • More coming soon!
Why is it so easy for mass pwnage?  A lot of sites, including most social networking sites, use HTTPS only for the login form.  After that, it's all good ol' HTTP.  Also, in general, it's very difficult to have persistent HTTPS, or end-to-end encryption.  So, for this type of "session-hijack" you don't even need the user/pass of the victim.  Essentially the attacker can impersonate the victim, thus taking control of the account.
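An added example (not part of the original post and not Firesheep's code): a site-operator-side check for the condition described above, where HTTPS covers the login and the session cookie then rides on plain HTTP. The host `example.test`, the cookie names and the response headers are constructed sample data, and the finding codes are labels made up for this sketch.

```python
from urllib.parse import urljoin, urlsplit


def parse_set_cookie(value):
    """Return (cookie name, set of lowercase attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_response(url, headers):
    """Audit one response for the weaknesses that expose a session cookie on open wifi.

    url     -- the URL that was requested
    headers -- list of (name, value) tuples from the response
    Returns a list of (finding_code, detail) tuples; an empty list means no finding.
    """
    findings = []
    https = urlsplit(url).scheme.lower() == "https"
    seen_hsts = False

    for name, value in headers:
        key = name.lower()
        if key == "set-cookie":
            cookie, attrs = parse_set_cookie(value)
            if not https:
                # Cookie was issued in cleartext: anyone on the network saw it.
                findings.append(("cookie-set-over-http", cookie))
            elif "secure" not in attrs:
                # Issued over HTTPS, but the browser will replay it on http:// too.
                findings.append(("cookie-missing-secure", cookie))
        elif key == "strict-transport-security":
            seen_hsts = True
        elif key == "location":
            # Resolve relative redirects before checking the scheme.
            target = urljoin(url, value)
            if https and urlsplit(target).scheme.lower() == "http":
                findings.append(("https-to-http-redirect", target))

    if https and not seen_hsts:
        # Without HSTS the browser stays willing to talk plain HTTP to this host.
        findings.append(("no-hsts", urlsplit(url).netloc))
    return findings


def audit_flow(flow):
    """Audit a sequence of (url, headers) responses; returns {url: findings}."""
    return {url: audit_response(url, headers) for url, headers in flow}


# Constructed sample: HTTPS login that drops the user back to HTTP afterwards.
WEAK_FLOW = [
    ("https://example.test/login", [
        ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
        ("Location", "http://example.test/home"),
    ]),
    ("http://example.test/home", [
        ("Set-Cookie", "prefs=dark; Path=/"),
    ]),
]

# Constructed sample: same flow with Secure cookies, HSTS and no downgrade.
HARDENED_FLOW = [
    ("https://example.test/login", [
        ("Set-Cookie", "session_id=abc123; Path=/; Secure; HttpOnly"),
        ("Strict-Transport-Security", "max-age=31536000"),
        ("Location", "/home"),
    ]),
    ("https://example.test/home", [
        ("Strict-Transport-Security", "max-age=31536000"),
    ]),
]

if __name__ == "__main__":
    for label, flow in (("weak", WEAK_FLOW), ("hardened", HARDENED_FLOW)):
        print(label)
        for url, findings in audit_flow(flow).items():
            print(" ", url, findings or "ok")
```
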
In truth, Wireshark did this ages ago via the little-known-method of copy/paste :)  Turn the clock back to the beginnings of 802.11, war-driving, wep-cracking, and this type of attack was still valid.  Why all the discussion now?  Because instead of copy/paste, you get a nice little GUI and employ the uber-powerful double-click!
What does all this mean?  Whenever an attack gets easier, it tends to become more popular.  You can bet top dollar that going forward, at Starbucks, Safeways, Hotels, or wherever there is free open wifi, there will be someone running Firesheep.  Hint:  look for the script kiddie, social outcast, or the dude laughing so hard he looks like he may shit himself.
Few words of caution if you intend on "testing" this out in your neighborhood:
  • People are already doing this, so you're behind the times (see above link)
  • Most owners of open-wifi at commercial establishments have ToS (terms of service), you are likely violating those terms of service.  However, those ToS also go both ways, informing users that there can be no expectation of privacy, or liability for the store/wifi owner, should damage occur.
  • In many countries/states/counties/cities, it is illegal to sniff networks for user information unless said users authorize the action.  Check your local laws. IANAL
To finish out this post I think I'll add a short list of additional "connections/networks/protocols" that are vulnerable to Firesheep (yeah so I interchanged words that shouldn't be interchanged, sue me)
  • POP3 Mail
  • SMTP Mail
  • IMAP Mail
  • FTP
Hint:  SSL/TLS, SSH, and VPN are your friends!  Stay tuned for Part 3 that will describe how to beat Firesheep!