One of these sheep is not like the other…

Well, it’s holiday time again and many of you will be traveling or enjoying a cup of coffee at the local coffee shop, trying to get away from the crowds. As we live in a hyper-connected society, you might feel the need to check the shipping status of that last-minute gift or see if Aunt Susie sent another e-card.
Free public wifi connections are a wonderful thing. Easily hook your laptop or phone up to the network and you’re surfing away in holiday bliss. Not to burst your bubble, but there is a black sheep out there that you need to take precautions against. Its name is Firesheep and it’s out to take over your accounts.
Firesheep is a plug-in for the Firefox browser that lets its user see anyone on an unencrypted wifi connection who logs in to a number of websites, including many day-to-day sites like Gmail, Facebook and Twitter. The user just sits back and waits for someone to log in to a supported site. They get a notification that a session is available, and all they have to do is click one button to log in to your private account – as you. This is very serious when it comes to your email, as it is usually connected to your bank account.
A little history
Many websites encrypt the login page, but once the user has entered their name and password they are sent on to an unencrypted site. The browser uses a cookie to store your “session”. All Firesheep has to do is watch for that cookie being sent over the network and make a copy. Once it has it, it can pretend it’s you. The method Firesheep uses is not new; a number of software packages have used this technique for years. Firesheep is simply the first to make it point-and-click easy.
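As an added illustration (not code from the original post or from Firesheep), here is a small Python check for exactly the weakness described above: it reads a site's Set-Cookie headers, reports which cookies a browser would also send over plain http:// (where anyone on open wifi can copy them), and shows the one-attribute server-side fix. The header values are constructed samples, not taken from any real site.

```python
# Added example, not code from the original post: audit Set-Cookie headers for
# the weakness Firesheep relies on, a session cookie that the browser will also
# send over plain http://, where anyone on an open wifi network can read it.

# Constructed sample headers, the kind a site might return right after login.
SAMPLE_SET_COOKIE = [
    "sid=8f3a9c1e; Path=/; HttpOnly",        # session cookie, no Secure flag
    "csrf=77b1; Path=/; Secure; HttpOnly",   # Secure: only sent over https://
    "lang=en; Path=/; Max-Age=31536000",     # persistent, low-value preference
]

def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, value, attrs); attribute names
    are lower-cased, flags such as Secure/HttpOnly map to True."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, has_value, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if has_value else True
    return name.strip(), value.strip(), attrs

def sent_in_clear(header, request_path="/"):
    """True if a browser holding this cookie would attach it to a plain
    http:// request for request_path, i.e. a passive sniffer could copy it."""
    _, _, attrs = parse_set_cookie(header)
    if attrs.get("secure") is True:
        return False                  # Secure cookies never travel over http
    cookie_path = attrs.get("path") or "/"
    return request_path.startswith(cookie_path)

def audit(headers, request_path="/"):
    """Return [(name, is_session_cookie)] for every cookie exposed over http://.
    Cookies without Expires/Max-Age are session cookies, the ones carrying the
    logged-in state that a Firesheep-style tool copies to impersonate you."""
    exposed = []
    for header in headers:
        name, _, attrs = parse_set_cookie(header)
        if sent_in_clear(header, request_path):
            is_session = "expires" not in attrs and "max-age" not in attrs
            exposed.append((name, is_session))
    return exposed

def harden(header):
    """Server-side fix: add Secure so the browser only sends the cookie over TLS."""
    _, _, attrs = parse_set_cookie(header)
    return header if attrs.get("secure") is True else header.rstrip("; ") + "; Secure"
```

On the sample, `audit(SAMPLE_SET_COOKIE)` returns `[('sid', True), ('lang', False)]`, flagging the login session cookie; after `harden` is applied to each header the audit returns `[]`.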
So what do I do?
The easiest thing would be not to use open wifi for anything important. That’s not always going to be possible, however. If you are using Firefox as your browser, there is a plug-in called BlackSheep that sends out a number of fake session cookies and crashes Firesheep. Also, if you have access to a corporate network, using a VPN (virtual private network) tunnel will encrypt all your data. And if you are using Gmail, make sure to change the setting to “always use https”.
It’s easy to get paranoid that everyone is trying to steal your data. Most people are just checking their email or enjoying their cup of coffee. Just take a few precautions and be aware of what is out there and we’ll all be enjoying the New Year soon.
December 23, 2010