Firesheep: The New Threat to Internet Session Hijacking
Anyone who uses a computer must understand that powerful encryption is a necessary tool if you are conducting personal business such as online banking and shopping, social networking, and accessing open Wi-Fi networks. This weekÕs release of Firesheep, a browser extension that allows users to swipe other peopleÕs online credentials with just a few clicks, brings the reliability of true encryption front and center. Just as the recent news that Google Street View vehicles were collecting personal Wi-Fi web traffic, this story is sure to flood news outlets.
Firesheep Poses Real Dangers
When you log into a website, you start by submitting your username and password. The site’s server then checks to see if account information matches, and then replies back to you with a cookie which is used by your browser for all subsequent requests. As this process takes place, most websites protect your password by encrypting the initial login. However, it is uncommon for websites to encrypt everything else, including the “user’s” cookie. If an attacker gains access to this “cookie”, they can do anything the official user can do on a particular website. In other words, accounts can be hijacked by anyone.
On an open wireless network, cookies are publicly broadcast, making these attacks extremely easy. With Firesheep installed, hackers can target anyone who is accessing Twitter or Facebook from the same open wireless network. From there, they can take over the person’s account.
What Firesheep does is nothing new, but it definitely demonstrates the growing risks that unsecure websites — those without true end-to-end encryption — can pose for users who are unaware that their Wi-Fi connections can be easily hijacked.
Ways to Protect Your Online Activities
Unless the website employs HTTPS encryption (which Facebook and Twitter do not), the only protection against Firesheep and similar hacking techniques is to use a trusted VPN (Virtual Private Network) client that protects all of their website visits.
Find out how Anonymizer Universal provides powerful VPN protection for computer, iPhone®, and iPad™ users each time they access the Internet from home, or remotely from W-Fi connections.