« Return To List

New Firefox add-on makes it easy to get your information

Be wary of getting on your Facebook or Twitter accounts while accessing the internet through an open wireless network or WiFi hotspot. In fact be wary of logging into just about any website while on such a network.

A new Firefox add-on has brought to focus a security issue that's been around for a while. "Firesheep" is a Firefox add-on that places a sidebar to the Firefox browser that shows when anyone on an open network visits an insecure site and by simply double clicking on them, logs into that site as them.

It works by using a common vulnerability with many websites. Many websites will encrypt log in information, but don't encrypt any of the traffic going back and forth once the user has logged in. The cookie left by the website leaves the log in information to be easily obtained when accessed over an open wireless network.

To protect against this, sites that require log ins would need to use HTTPS for all of their sessions, and that is what the author of Firesheep hopes to bring about by releasing this.

Users can protect themselves by avoiding logging into insecure sites while on open networks, tethering to a smartphone connection or using a proxy server or VPN to run the connection through.

« Return To List