From what I've read of FireShepard, it's a really bad countermeasure. Basically as described it's doing a DoS attack on people using FireSheep, probably triggered by a coding error that could be fixed.<p>Two big problems<p>1) What if the DoS affects other parts of the infrastructure like the Wireless Access Point. Can't imagine hotspot owners will be too happy if people start doing this all the time.<p>2) False sense of security. Using FireShepard is unlikely to stop other means of getting access to the data (eg, kismet), it only stops FireSheep (for now).
This a naive question, but what would prevent Google from buying one of the trusted CAs (or fast tracking their own service into most browsers) and knocking the bottom out of the cert market with a free and easy SSL solution?<p>It doesn't make much business sense, but it fits in with some of Google's more philanthropic initiatives for a healthier net.
A better solution would be for those sites targeted by FireSheep to force encrypted connections to login.<p>Also a simple fix for open networks is to enable WPA encryption with a simple password and give it to everyone that wants to use the network. It works the same to the end user (just one extra step) but at the same time protects them from unwanted snooping.<p>On a side note, all those coffee shops that don't like people solely using their networks and monopolizing tables, this news could push people to use unsecured networks less.