Firesheep: With the advent of wireless technology, it didn’t take long for the Internet to become available almost everywhere, thanks to Wi-Fi. Desktops and laptops with Wi-Fi receivers can easily access the Web wherever an open wireless connection is available. That sounds like heaven for travelers, who can get Wi-Fi wherever they go. Well, not quite. Free Wi-Fi also means plenty of free software that operates over the wireless network and is often damaging to unprotected users. One of these is Firesheep.
What Is Firesheep and How It Works
It was originally a Firefox browser extension created by software engineers Eric Butler and Ian Gallagher. Butler used it to demonstrate how insecure the Net is, especially with the emerging Wi-Fi technology. The plug-in makes it easy for hackers to gather users’ login information and hack into accounts. Facebook, Twitter, PayPal and Amazon are some of the websites most susceptible to this app.
When a user signs in to, for example, Facebook, the browser sends the login information to a partially encrypted or even an unencrypted website. Firesheep works by listening in on that traffic as it crosses insecure Wi-Fi networks. It captures the information in the session cookie, allowing a hacker to use it to access the websites visited. A hacker who gets into someone’s vulnerable social network, email or online shopping account can use that account to send out unauthorized posts or emails or make unauthorized purchases online. This is called sidejacking.
Double-click on someone, and you’re instantly logged in as them. (Image source: http://codebutler.com/firesheep)
How to Protect Your System Against Firesheep
The most common advice for protecting your login information is to avoid open Wi-Fi networks. However, if circumstances require you to use free wireless right then and there, here are some ways to stay on guard on an insecure Wi-Fi network:
- Use software that hinders eavesdropping in free Wi-Fi environments. Try Firefox extensions such as Force-TLS and HTTPS Everywhere, which request the encrypted (HTTPS) version of a site.
- Sign out of websites when you’re finished. This makes the session cookie invalid, although it is no guarantee. Change your passwords habitually.
- Rent a virtual private network (VPN) service to encrypt your Internet activities. Some of these services are AceVPN, StrongVPN and Private WiFi. These make your logins and online traffic invisible to hackers and sidejackers, even when you visit vulnerable websites.
Firesheep has become a plug-in predator and has given major websites a wake-up call to upgrade their security.
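A site-side check for the condition that makes sidejacking possible, added here as an example (it is not code from Firesheep or from this article): it flags session-like cookies that are issued over plain HTTP or without the Secure attribute, which allows the browser to send them unencrypted. The cookie-name heuristic, the function names and the sample headers are assumptions constructed for illustration.

```python
# Added example: the headers below are constructed sample data, not captured traffic.
SESSION_HINTS = ("sess", "sid", "auth", "token")  # assumed naming heuristic

def parse_set_cookie(value):
    """Return (cookie_name, {lowercased attribute: value}) for one Set-Cookie value."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return "", {}
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs

def audit_response(scheme, headers):
    """headers: list of (name, value) pairs from one HTTP response.

    Returns (cookie_name, reason) findings for session-like cookies that a
    passive listener on the same network could read.
    """
    hsts = any(n.lower() == "strict-transport-security" for n, _ in headers)
    findings = []
    for hname, hvalue in headers:
        if hname.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(hvalue)
        if not any(hint in name.lower() for hint in SESSION_HINTS):
            continue  # not a session-like cookie under the heuristic
        if scheme == "http":
            findings.append((name, "set over plaintext HTTP"))
        elif "secure" not in attrs:
            why = "missing Secure attribute"
            if not hsts:
                why += "; no HSTS header either"
            findings.append((name, why))
    return findings

# Constructed responses: a session cookie handed back without Secure,
# and a hardened equivalent that also sends HSTS.
WEAK = [("Content-Type", "text/html"),
        ("Set-Cookie", "sessionid=abc123; Path=/; HttpOnly"),
        ("Set-Cookie", "lang=en; Path=/")]
HARDENED = [("Strict-Transport-Security", "max-age=31536000"),
            ("Set-Cookie", "sessionid=abc123; Path=/; HttpOnly; Secure; SameSite=Lax")]

if __name__ == "__main__":
    for label, resp in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_response("https", resp))
```

HttpOnly alone does not help here: it hides the cookie from page scripts, not from someone reading unencrypted traffic.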