TechFeed: Firesheep makes it easy for hackers

Do you use free public Wi-Fi? A new Firefox plugin called Firesheep may be enough to make you rethink your actions.

Firesheep has been around for nearly two months, unveiled on October 25, 2010, by a software developer out of Seattle named Eric Butler. Available for free download, Firesheep takes advantage of a security loophole found in unencrypted public Wi-Fi. Those who install the plugin can connect to any public Wi-Fi, such as that found at Starbucks or Coffee Culture, and use it to take over, or "side-jack," the accounts of those using typically secure websites. Just because you've never shared your Facebook password doesn't mean someone nearby can't gain access to your account.

But it'll never happen to me, right? Think again; Firesheep has been downloaded nearly one million times, and although the installation is a little tricky, numerous tutorials and YouTube videos make it a simple process that almost anyone with a laptop can accomplish.

Butler is what's known as a white hat hacker. He creates programs and exposes security risks not for personal gain, but to alert others to the issue and attempt to force those causing the problem to fix the risk. Black hat hackers, on the other hand, use their skills in the ways most people think of when they hear "hacker": stealing credit card numbers, hijacking accounts to send spam and other similarly disruptive actions.

The fix here would be simple — those offering free Wi-Fi would need only to encrypt their service by securing it with a password. While it's an extra step for users, it doesn't need to be a headache — the password can be simple, publicly displayed and the same for each and every user. Most companies offering free Wi-Fi to users have been alerted to Firesheep and are being urged to password-secure their networks, but so far it doesn't seem that anyone is rushing to fix the problem. On the other hand, users everywhere are rushing to download the plugin and exploit the security loophole while it lasts.

Where companies are failing to protect their users, other companies, like Zscaler, are taking users' privacy into their own hands. Zscaler has released an alternative product called BlackSheep, which can detect Firesheep and alert users if a person on the network is using it. The downside of BlackSheep is that Firesheep, albeit the most popular, isn't the only side-jacking tool available, but it's the only tool BlackSheep is capable of detecting.

Until a stable solution is found, laptop users should be especially careful of what they access from public areas like coffee shops. While it's one thing to have your Facebook or Twitter account hacked, it's completely another when your bank account or credit card is compromised. When using public Wi-Fi is a necessity, try to avoid unnecessary transactions or interactions involving secured accounts. Consider downloading BlackSheep to detect intruders, and when possible, find an alternative, secured connection to use.

With a million Firesheep downloads, major companies should soon be cracking down on free Wi-Fi passwords. Since that hasn't happened yet, be prepared to practice caution with the use of free Wi-Fi — or risk giving up your privacy entirely.