Title: Shepherd – an automatic and large-scale study of website login security
Time: 9:30
Location: Acadia Lab, Building Zeta
Type: Research talk
Speaker: Hugo Jonker
Abstract:
Logging in on websites is common. However, it wasn’t always secure – as FireSheep showed dramatically in 2010. A malicious agent could simply eavesdrop on WiFi traffic and steal credentials of logged-in users. In response to FireSheep, major websites fixed their login security. However, it remains unclear whether others followed suit. Investigating this scientifically is fraught with challenges: acquiring passwords, automating logins on unknown websites, etc.
In this talk, we present Shepherd, the result of a 2-year engineering effort to automate website logins. Moreover, we will present and discuss the results of a security scan with Shepherd, which showed that out of 7,113 sites where login was successful, 2,417 (34%) are still vulnerable to some variant of the FireSheep attack.