Preventing Session Hijacking

Posted on 04 November 2010 (4 comments)

This past week a Firefox browser extension called Firesheep has been causing a stir on the web. Firesheep demonstrates how, under certain circumstances, it is possible to hijack another user's website 'session' when you share the same network with them, for example when you're using FreeAgent at your local Starbucks. Since sessions control access to pretty much all web applications, FreeAgent included, the security implications of session hijacking are clear.

We use a secure SSL connection for all requests to the application (like online banks, FreeAgent web addresses start with https rather than http). Unfortunately, FreeAgent has been susceptible to session hijacking at one point: when you logged in via our website home page, or otherwise used a link that had been manually changed to http, your session could be exposed over an unencrypted connection.

We've now rectified this, so you can be completely sure no-one is listening in, and we've had no reports of anyone being affected. You can rest assured that we take this stuff seriously and we're very proactive in responding to such issues as soon as they rear their ugly heads.

Over to you...

Chris Shenton, Thu November 04, 2010
So *how* did you rectify this? Inquiring minds want to know!

olly, Thu November 04, 2010
@Chris By using secure cookies we have made sure cookies are only sent over HTTPS.
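As an added illustration of what olly's reply describes (this is example code, not FreeAgent's own), the Ruby below shows the two halves of the fix: a Rack-style middleware that stamps every Set-Cookie header the application emits with the Secure (and HttpOnly) attribute, and a small browser-side simulation showing that a Secure cookie is withheld from any plain http:// request, which is exactly the leak Firesheep relies on. The Rack interface (`call(env)` returning `[status, headers, body]`) is assumed; the sample app and cookie values are constructed for the demo.

```ruby
require 'set'

# Added example, not FreeAgent's code. Assumes a Rack-style app interface
# (an object whose #call(env) returns [status, headers, body]); everything
# else is plain Ruby.

# The attributes every session cookie should carry: Secure keeps it off
# unencrypted connections, HttpOnly keeps it away from page scripts.
REQUIRED_FLAGS = %w[Secure HttpOnly].freeze

# Split one Set-Cookie header value into the cookie name and a Set of its
# attribute names, lower-cased (attribute names are case-insensitive).
def parse_set_cookie(header)
  parts = header.split(';').map(&:strip).reject(&:empty?)
  name = parts.first.split('=', 2).first
  attrs = parts.drop(1).map { |a| a.split('=', 2).first.downcase }
  [name, Set.new(attrs)]
end

# True when the cookie carries the Secure attribute, i.e. a browser will
# only send it back over HTTPS.
def secure_cookie?(header)
  parse_set_cookie(header)[1].include?('secure')
end

# Simulates the browser-side rule: a Secure cookie is never attached to a
# plain http:// request; a non-Secure one goes out over either scheme and
# can therefore be captured on a shared network.
def cookie_sent_over?(header, scheme)
  scheme == 'https' || !secure_cookie?(header)
end

# Append whichever of Secure / HttpOnly are missing, leaving the rest intact.
def harden_set_cookie(header)
  attrs = parse_set_cookie(header)[1]
  missing = REQUIRED_FLAGS.reject { |f| attrs.include?(f.downcase) }
  missing.empty? ? header : "#{header}; #{missing.join('; ')}"
end

# Rack-style middleware: rewrites every Set-Cookie the app emits so a session
# cookie cannot leak onto an http:// connection even if the login page or a
# tampered link is loaded over plain HTTP. Handles both the "\n"-joined
# string form older Rack versions use and an Array of header values.
class SecureCookies
  def initialize(app)
    @app = app
  end

  def call(env)
    status, headers, body = @app.call(env)
    raw = headers['Set-Cookie']
    if raw
      cookies = Array(raw).flat_map { |v| v.split("\n") }
      headers['Set-Cookie'] = cookies.map { |c| harden_set_cookie(c) }.join("\n")
    end
    [status, headers, body]
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample app that sets a session cookie with no flags at all.
  app = lambda { |_env| [200, { 'Set-Cookie' => '_session_id=abc123; Path=/' }, ['ok']] }
  _status, headers, _body = SecureCookies.new(app).call({})
  puts headers['Set-Cookie']
  puts "sent over http? #{cookie_sent_over?(headers['Set-Cookie'], 'http')}"
end
```

The middleware is a belt-and-braces measure: the session store should already be configured to set Secure, but rewriting the header at the edge catches any cookie a developer adds later without the flag. Note that Secure only stops the cookie travelling over http; it does nothing about a login form itself being served over http, so the home page and every link into the application still need to be https.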
praveen, Tue January 04, 2011
But even HTTPS is not secure. How can we totally trust you?

praveen, Tue January 04, 2011
But even HTTPS is not secure. How can we totally trust you? If you want, read this article:
http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=05480600
