Do you use free WiFi at coffee shops like Starbucks? Two words: Be careful!
There is a new Firefox extension called FireSheep, developed by Eric Butler, that is making many people a little nervous. The free FireSheep extension employs a packet sniffer that lets its user steal unencrypted cookies from popular websites like Twitter or Facebook as the cookies are being sent over WiFi. The extension lists the identities it finds in a sidebar in the browser, and its user can immediately double-click on your account identity and use it as if they were you.
Although the extension was supposedly created as a demonstration of the flaws in current Internet security, many are crying foul. Firefox is not blacklisting the add-on, though, since it does let people test their own systems for vulnerabilities.
What is FireSheep?
When logging into a website you usually start by submitting your username and password. The server then checks to see if an account matching this information exists and if so, replies back to you with a “cookie” which is used by your browser for all subsequent requests.
It’s extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable. HTTP session hijacking (sometimes called “sidejacking”) is when an attacker gets a hold of a user’s cookie, allowing them to do anything the user can do on a particular website. On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy. -codebutler
To safeguard yourself from a potential threat, be sure to log in to secure networks that you know and trust. Or, if you are going to log in to your Facebook account and want to thwart a FireSheep spy, always use the secure site: https://www.facebook.com/
You’ll notice this link has an “s” in the “https.” That “s” means the connection is encrypted. If you are logging into your other accounts like Bank of America or PayPal, have no fear: those sites already use HTTPS exclusively throughout.
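To see why the “s” matters for the cookie and not just the password, here is a small added example (not part of the original article and not FireSheep's code). It models which cookies a browser attaches to an http:// versus an https:// request, using the standard `Secure` cookie attribute; the cookie names and values are constructed sample data, and Path/Domain matching is left out to keep it short.

```python
# Added example: which cookies would a browser send over plain HTTP?
# The Set-Cookie lines below are constructed sample data, not captured traffic.
SAMPLE_LOGIN_RESPONSE = [
    "session_id=abc123; Path=/; HttpOnly",          # session cookie, no Secure flag
    "auth_token=def456; Path=/; Secure; HttpOnly",  # session cookie, HTTPS only
    "lang=en; Path=/",                              # harmless preference cookie
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attributes)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def cookies_sent(scheme, set_cookie_headers):
    """Return the cookie names a browser attaches to a request using `scheme`.

    Cookies marked Secure are withheld from http:// requests. Every other
    cookie goes out in cleartext on http:// and is readable by anyone
    listening on the same open wireless network.
    """
    sent = []
    for header in set_cookie_headers:
        name, _value, attrs = parse_set_cookie(header)
        if scheme == "https" or "secure" not in attrs:
            sent.append(name)
    return sent


def exposed_session_cookies(set_cookie_headers, session_names):
    """Session cookies that would cross the network unencrypted."""
    over_http = cookies_sent("http", set_cookie_headers)
    return [name for name in over_http if name in session_names]


if __name__ == "__main__":
    sessions = {"session_id", "auth_token"}  # assumed session cookie names
    print("sent over http :", cookies_sent("http", SAMPLE_LOGIN_RESPONSE))
    print("sent over https:", cookies_sent("https", SAMPLE_LOGIN_RESPONSE))
    print("exposed        :", exposed_session_cookies(SAMPLE_LOGIN_RESPONSE, sessions))
```

A site that serves every page over HTTPS and marks its session cookie `Secure` leaves nothing in the "exposed" list.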
Be sure to send this article to anyone you know who uses WiFi at coffee shops often.
Photo by Daquella Manera