Tuesday, January 18, 2011

Firesheep: A Firefox add-on that is a Wi-Fi threat

I read an interesting article written by Randy Abrams about a Wi-Fi threat called Firesheep. I even doodled a little pictorial diagram of Firesheep in action...a picture is worth a thousand words...

What is Firesheep?

Firesheep is a Firefox add-on that can automatically hijack accounts on sites that aren't secured by SSL (HTTPS). It's difficult to protect yourself against someone hijacking your accounts on public Wi-Fi networks, so avoid logging onto sites that require your username and password while you're using them.

How does Firesheep function?

Firesheep attacks unsuspecting users who log onto sites with their username and password over an open or public wireless (Wi-Fi) network. When users log onto Amazon, Facebook or various other sites, the username and password are encrypted, but when the site sends the cookie to the person's computer (so that the site can remember the user), the cookie is not encrypted.

Because the cookie is not encrypted, it can be intercepted by anyone else using the same wireless network, and the thief can use it to access that user's account.
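The weakness described above, as an added example (not from the original post or from Randy Abrams's article): a site can tell the browser to send a cookie only over HTTPS by marking it with the Secure attribute. This Python check looks through constructed sample Set-Cookie headers for cookies that would cross the network unencrypted; the function names and header values are assumptions made for illustration.

```python
# Added example: find cookies that would travel over the network in cleartext.
# All header values below are constructed samples, not captured traffic.

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, attributes-dict)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive; Secure and HttpOnly carry no value.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit_cookies(scheme, set_cookie_headers):
    """Return (cookie_name, problem) for each cookie exposed to sniffing."""
    findings = []
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if scheme != "https":
            findings.append((name, "set over plain HTTP; visible on the network"))
        elif "secure" not in attrs:
            findings.append((name, "no Secure attribute; also sent on later HTTP requests"))
    return findings


# Constructed responses: the login page is HTTPS, but only one cookie is Secure.
SAMPLE_RESPONSES = [
    ("https", ["session_id=abc123; Path=/; HttpOnly"]),
    ("https", ["auth=def456; Path=/; Secure; HttpOnly"]),
    ("http", ["prefs=lang-en; Path=/"]),
]


def audit_all(responses):
    """Audit every (scheme, headers) pair and collect the findings in order."""
    results = []
    for scheme, headers in responses:
        results.extend(audit_cookies(scheme, headers))
    return results


if __name__ == "__main__":
    for name, problem in audit_all(SAMPLE_RESPONSES):
        print(f"{name}: {problem}")
```

The first sample is the case the post describes: the login itself is encrypted, but the cookie it sets is not restricted to HTTPS, so it goes out in the clear on the next plain HTTP request.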

Prevention is better than cure

If you're going to use a free or public wireless network, only surf sites that don't require you to log in with your username and password.

