Wi-Fi Users Beware: Firesheep on the Loose in Your Gmail, Facebook, and Other Online Accounts
Firesheep, the latest threat to Wi-Fi users, is free, open source, and easy for even the intermediate user to figure out. In fact, over the past three months, more than 1 million individuals have downloaded Firesheep and have the ability to see what other Wi-Fi users on an unsecured network are doing.
While the passwords you enter on sites like Google, Amazon, eBay, Facebook, and Twitter may be encrypted, Firesheep snags your Web browser cookie and enables the snooper to view and use your account passwords at will. The only types of Web sites that are safe from Firesheep are those using cryptographic protocol Transport Layer Security or Secure Sockets Layer during your session.
While Facebook and others are starting to revamp their site security, the Electronic Frontier Foundation released an extension to Firefox called “Https Everywhere,” in an effort to improve Internet security for users. It is now available for download at http://eff.org/https-everywhere.
From the New York Times,
Mr. Palmer at the Electronic Frontier Foundation blames poorly designed Web sites, not vulnerable Wi-Fi connections, for security lapses. “Many popular sites were not designed for security from the beginning, and now we are suffering the consequences,” he said. “People need to demand ‘https’ so Web sites will do the painful integration work that needs to be done.”