Warning! Is Your Online Account Ready To Be Hijacked?
An interesting article from the F-Secure “News from the Lab” site talks about a new tool called Firesheep. In the article “Firesheep: Making the Complicated Trivial” there is a stark warning about surfing the web using unencrypted wireless HTTP connections – something that happens every day for millions of users.
Firesheep is a third-party add-on for the Firefox browser which can scan local Wi-Fi networks and look for users who are currently logged into social networking sites such as Twitter, Facebook, Dropbox, Flickr and WordPress.
The application then allows you to hijack those sessions and, as the article says, “allow you to become them”. The point of the tool is to raise awareness of the risks involved in browsing over insecure connections.
As an illustration of how the system works, imagine a sandwich with a slice of bread at the top and a slice at the bottom; let’s call these our encrypted layers. When you look at the sandwich from the top all you see is bread (encrypted traffic), but what do you see if you look at the sandwich side-on? Bacon, lettuce, tomato perhaps? Now imagine someone could slip some mustard between the lettuce and tomato layers without opening the sandwich. You might get quite an unexpected surprise when you bite into it.
OK, so the analogy is a bit rubbish, but what typically happens when you visit a website is this: you log on, and that step uses some form of encryption, and there may be some encryption again when you log off. Everything in between is usually sent in the clear, including the cookie (a small plain-text file stored on your computer) that the site uses to recognise your logged-in session on every later request, and that cookie is what Firesheep captures. As the Firesheep website tells us: “It’s extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else.”
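The weakness the quote describes can be checked for on the server side without any sniffing: a session cookie issued without the Secure attribute will be sent by the browser over plain HTTP too, and a site without a Strict-Transport-Security header leaves the browser free to make those plain HTTP requests. The following audit script is an added example, not code from the article or from the Firesheep project; the two sets of response headers are constructed samples, and the session-cookie name matching is a heuristic assumed for the example.

```python
"""Audit HTTP response headers for the weakness Firesheep exploits.

A session cookie is only as safe as the attributes it carries: without
the Secure attribute a browser will also send it over plain HTTP, where
anyone on the same open Wi-Fi can read it and reuse the session.
"""
from __future__ import annotations

# Heuristic (an assumption of this example): cookie names containing one
# of these fragments are treated as session or authentication cookies.
SESSION_HINTS = ("sess", "sid", "auth", "token", "login")


def parse_set_cookie(header_value: str) -> dict:
    """Parse one Set-Cookie header value into name, value and attributes.

    Attribute names are lower-cased; attributes without a value (Secure,
    HttpOnly) map to True.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def looks_like_session_cookie(name: str) -> bool:
    lname = name.lower()
    return any(hint in lname for hint in SESSION_HINTS)


def audit_headers(headers: list[tuple[str, str]]) -> list[str]:
    """Return human-readable findings for a list of (name, value) headers."""
    findings = []
    names = {n.lower() for n, _ in headers}
    if "strict-transport-security" not in names:
        findings.append(
            "missing Strict-Transport-Security: browser may still use "
            "plain HTTP for later requests"
        )
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie = parse_set_cookie(value)
        if not looks_like_session_cookie(cookie["name"]):
            continue  # a language preference cookie is not worth stealing
        attrs = cookie["attrs"]
        if "secure" not in attrs:
            findings.append(
                f"cookie {cookie['name']!r} lacks Secure: sent over plain "
                "HTTP, readable by anyone on the same open Wi-Fi"
            )
        if "httponly" not in attrs:
            findings.append(
                f"cookie {cookie['name']!r} lacks HttpOnly: readable by "
                "page scripts"
            )
    return findings


# Constructed sample: the pattern Firesheep relied on, an encrypted
# login followed by a session cookie that is usable over plain HTTP.
WEAK_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=abc123; Path=/"),
    ("Set-Cookie", "lang=en; Path=/"),
]

# Constructed sample: the same site after hardening.
HARDENED_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "lang=en; Path=/"),
]

if __name__ == "__main__":
    for label, response in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"{label}: {audit_headers(response) or ['no findings']}")
```

Run against the constructed samples, the weak response produces three findings (no HSTS header, session cookie without Secure, session cookie without HttpOnly) and the hardened response produces none. To audit a real site you own, fetch its login response headers with any HTTPS client and pass the list of header pairs to `audit_headers`.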
Best (or worst!) of all, Firesheep is free and open source, which makes it available to just about everyone.
Some tips to improve your security:
- Avoid using unsecured wireless networks
- Check your own Wi-Fi setup to ensure it is secured
- Log out of services when you are finished using them
- Avoid using public hotspots when dealing with sensitive information
To learn more, visit Codebutler: Firesheep.