Firesheep–Baaad news for online security
A new extension for the Firefox browser is garnering attention in the technology press.
A new Firefox add-on lets "pretty much anyone" scan a Wi-Fi network and hijack others’ access to Facebook, Twitter and a host of other services, a security researcher warned today.
The add-on, dubbed "Firesheep," was released Sunday by Eric Butler, a Seattle-based freelance Web application developer, at the ToorCon security conference, which took place Oct. 22-24 in San Diego.
Butler said he created Firesheep to show the danger of accessing unencrypted Web sites from public Wi-Fi spots.
Although it’s common for sites to encrypt user log-ons with HTTPS or SSL, few encrypt the traffic that follows the log-on. "This leaves the cookie, and the user, vulnerable," said Butler in a post to his personal blog. "On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy."
With a user’s cookie in hand, a criminal can do anything the user can do on a site, Butler noted. Among the sites that Firesheep can hijack are Facebook, Twitter, Flickr, bit.ly, Google and Amazon.
It still requires some know-how to use the extension properly. However, it does highlight the need for proper wireless security practices.
- Avoid the use of unsecured public wireless networks.
- If you do have to use a public wireless hotspot, seriously consider the use of a VPN (Virtual Private Network) to encrypt all traffic between your computer and the internet. Many paid and free VPN options exist.
- Use certain additional Firefox extensions to protect your surfing sessions. These extensions will not work with Internet Explorer or Google Chrome.
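
On the site operator's side, the weakness Butler describes (a session cookie that still travels over unencrypted HTTP after an HTTPS log-on) is visible in the response headers. The following is an added example, not code from Butler or from Firesheep: it audits a constructed set of log-on response headers for cookies missing the Secure attribute and for a Strict-Transport-Security header, a mitigation the article does not mention. The function names and the sample header values are assumptions made for illustration.

```python
import re
from http.cookies import SimpleCookie

# Constructed sample: headers a site might return to an HTTPS log-on request.
SAMPLE_LOGIN_RESPONSE = [
    ("Set-Cookie", "session_id=3f9a1c; Path=/; HttpOnly"),
    ("Set-Cookie", "prefs=dark; Path=/; Secure"),
    ("Set-Cookie", "auth=77de; Path=/; Secure; HttpOnly"),
    ("Content-Type", "text/html"),
]

def cookies_sent_over_http(headers):
    """Names of cookies the browser will also attach to plain http:// requests."""
    exposed = []
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        for cookie_name, morsel in jar.items():
            if not morsel["secure"]:  # no Secure attribute: sent in the clear
                exposed.append(cookie_name)
    return exposed

def hsts_enabled(headers):
    """True if a Strict-Transport-Security header sets a non-zero max-age."""
    for name, value in headers:
        if name.lower() == "strict-transport-security":
            match = re.search(r'max-age\s*=\s*"?(\d+)', value, re.IGNORECASE)
            if match and int(match.group(1)) > 0:  # max-age=0 switches HSTS off
                return True
    return False

def audit(headers):
    """Summarise whether a session cookie can leak on an open network."""
    exposed = cookies_sent_over_http(headers)
    hsts = hsts_enabled(headers)
    # HSTS only protects a host the browser has already visited over HTTPS,
    # so the Secure attribute is still needed on every session cookie.
    return {"exposed_cookies": exposed, "hsts": hsts,
            "at_risk": bool(exposed) and not hsts}

if __name__ == "__main__":
    print(audit(SAMPLE_LOGIN_RESPONSE))
```
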
Feel free to contact us if you need assistance in evaluating your wireless security setup.






