When most people go out to a public place, such as a coffee shop, hotel, or park, they might be happy to find free WiFi and quickly log on to their favorite websites. But security experts warn that this is exactly what hackers are hoping for: they are waiting to harvest unsuspecting users’ online identities.
Most people use free WiFi to check their e-mail, make a quick bill payment, or even update their social network status. What they don’t know is that they are placing themselves at great risk every time they do this, since almost any skilled hacker can see everything they are doing. But with the invention of Firesheep, one doesn’t even need to be a hacker or have any skills to spy on a user’s Internet activity.
Previously possible only for an advanced hacker, stealing user data from WiFi networks is now easy with the free Firefox extension “Firesheep.” The extension works by searching the network traffic for cookies and capturing them for its user.
Cookies are what allow users to stay signed into a website’s account when they navigate onto different websites, and without cookies a user would have to enter their user name and password every time they returned to that website. By stealing the cookies, hackers could log into your web session and bypass the security altogether.
In simpler terms, user A can log onto a website such as Facebook or Amazon using their user name and password, and user B, the hacker, can then steal user A’s cookie and hijack the logged-in session, gaining total access to the website as user A without ever being asked for a password.
Firesheep’s creator, Eric Butler, a Seattle programmer, built the Firefox extension to highlight the security vulnerabilities of many websites that users assume to be safe, and to encourage users to surf unprotected WiFi networks with caution.
The first thing you should do to protect yourself is make sure the WiFi network you are using is password protected. If it is not, you are leaving all of your web activity available for the world to see.
Also, when you log into a website, check that there is an “https” in the address bar of your web browser instead of just an “http”, as this means the website uses encryption and your logged-in session cannot be hijacked.
You should also make sure that the “https” is there the entire time, as some websites, like Facebook, only use the encryption on the login page and go back to the unprotected “http” version right after. This means that once you log in, your session is no longer protected and can be hijacked by a hacker or a tool such as Firesheep.
So, next time you’re hanging out at your favorite cafe, think twice before using any free WiFi networks to update your social networking profiles, shop online or log in to any other “secure” website.
(Via Hawke’s Bay Today)