The casual coffee shop visitor who whips out his or her laptop to enjoy some free Wi-Fi service has more reason to be concerned these days.
Developer Eric Butler has produced a web browser add-on called Firesheep that makes viewing and using people’s private, sensitive information over wireless networks easy for even complete novices.
Butler reportedly had good intentions in creating this very dangerous tool. Because of its ease of use, Firesheep’s potential for doing damage is huge. Butler explains that “it’s extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable.” Because of the widespread exploitation of such security holes, Butler contends that he created Firesheep “to demonstrate just how serious this problem is.”
Firesheep works by snatching up “cookies”—packets of information that websites use to keep track of your login session and preferences—as they’re transmitted through the network unencrypted. With those cookies, someone can easily masquerade as you by logging into your favorite social networks. In theory, proper layers of encryption would stop Firesheep and similar programs from intercepting such wireless transmissions, but normal interaction with social networks like Facebook and Twitter usually doesn’t involve such security. Indeed, reports of hacking into people’s Facebook profiles are popping up all over the Internet.
Keep in mind that whenever you attempt to access the web through a public Wi-Fi network, you’re a potential target for hackers. Whether you’re in Starbucks sipping a latte, on your college campus, at a restaurant at lunch time, or at a bookstore, there’s the potential that someone is there just waiting to snoop around your ever-so-personal social network profiles.
Not only should wireless internet users be aware of their vulnerability, but they should know how to counteract it and fight back. It turns out that Firesheep can be thwarted by strong layers of security, particularly encryption. For users of Firefox, an extension called HTTPS Everywhere makes popular websites (that is, as many as support the HTTPS protocol) use encrypted login information throughout an entire browsing session. It’s also possible to use a VPN (Virtual Private Network), which essentially creates a direct encrypted link between your computer and the Wi-Fi hotspot.
There is also a new program created in response to the alarming number of Firesheep downloads (an estimated 200,000 within a week of its release). Icelandic student Gunnar Atli Sigurdsson has created a small standalone program called FireShepherd, which works by “[flooding] the nearby wireless network with packets designed to turn off FireSheep, effectively shutting down nearby FireSheep programs every 0.5 sec or so, making you and the people around you secure from most people using FireSheep.” This program is a temporary but innovative measure that exploits one of Firesheep’s own vulnerabilities.
All in all, people should still practice sensible Wi-Fi safety measures. When using public Wi-Fi, one should not use social networks or other sites that contain extremely sensitive information. When it comes to security over unsecured networks, prevention is always the best policy.