Preventing Session Hijacking
This past week a Firefox browser extension called Firesheep has been causing a stir on the web. Firesheep demonstrates how it's possible under certain circumstances to hijack website 'sessions' on another user's computer when you're sharing the same network - like when you're using FreeAgent at your local Starbucks. Since sessions are used to control access to pretty much all web applications - including FreeAgent - the security implications of session hijacking are clear.
We use a secure SSL connection for all requests to the application (like online banks, FreeAgent web addresses start with https rather than http), but unfortunately FreeAgent has been susceptible to session hijack attacks at the point at which you were logging in via our website home page or otherwise using a link which had been manually changed to
Of course we've now rectified this so you can be completely sure no-one is listening in, and we've had no reports of anyone being affected. But anyway, you can rest assured that we take this stuff seriously and we're very proactive in responding to such issues as soon as they rear their ugly heads.
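The exposure described above comes down to a session cookie that can travel over plain http. The following check is an added example, not FreeAgent's code and not a description of how the fix was made: it audits response headers for session cookies issued over http or lacking the standard Secure cookie attribute. The cookie names, URLs and sample responses are constructed assumptions.

```python
# Added example: audit HTTP responses for session cookies that could be sent
# over plain http. Cookie names, URLs and samples are illustrative assumptions.

SESSION_COOKIE_NAMES = {"_session_id", "sessionid"}  # assumed names, not FreeAgent's


def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return "", set()
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return name, attrs


def audit_response(url, headers):
    """List findings for one response; headers is a list of (name, value) pairs."""
    findings = []
    over_https = url.lower().startswith("https://")
    for header, value in headers:
        if header.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if name not in SESSION_COOKIE_NAMES:
            continue  # only session cookies grant access to the account
        if not over_https:
            findings.append(f"{name}: issued over plain http")
        if "secure" not in attrs:
            findings.append(f"{name}: no Secure attribute, browser will also send it over http")
    return findings


# Constructed sample responses (not captured traffic).
SAMPLES = [
    ("http://app.example.test/login", [("Set-Cookie", "_session_id=abc123; Path=/; HttpOnly")]),
    ("https://app.example.test/login", [("Set-Cookie", "_session_id=abc123; Path=/; HttpOnly")]),
    ("https://app.example.test/login", [("Set-Cookie", "_session_id=abc123; Path=/; Secure; HttpOnly")]),
    ("https://app.example.test/", [("Set-Cookie", "theme=dark; Path=/")]),
]

if __name__ == "__main__":
    for url, headers in SAMPLES:
        print(url, audit_response(url, headers) or "ok")
```

The second sample is the case that matters here: the login itself is over https, but without Secure the browser attaches the same cookie to any later http request to that host.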