Information Technology Services
Wireless Security Risk
Beware of a new program called Firesheep. Firesheep is a program that allows other wireless users to hijack the passwords of Facebook, Twitter, and any other website that installs cookies onto your computer. If these cookies are transmitted wirelessly to the internet without encryption, Firesheep users can see them. The program only works on an open Wi-Fi network that is not encrypted. When a user visits any website that is not safe, the program “hijacks” the session and tricks the website into thinking that the Firesheep user is you.
For example:
An attacker installs Firesheep and goes to a coffee shop with free Wi-Fi service.
You are in the same coffee shop, connected to Facebook through their Wi-Fi.
Firesheep tells him you're on Facebook and allows him to log into Facebook as you.
This program was developed by Eric Butler and released to show the weakness of website programming. Firesheep works because most web developers have not taken the time to properly secure their websites, thus putting their viewers' identity out in the open. This is not a Firefox problem, per se, but a website designer's.
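For site operators, the weakness described above is visible in the Set-Cookie headers a site sends. The following is an added example, not part of the original advisory or of Firesheep itself: a small Python check that flags cookies able to travel unencrypted. The function names and the sample headers are constructed for illustration.

```python
"""Audit Set-Cookie headers for cookies a listener on open Wi-Fi could read."""


def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, attributes dict)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit_cookies(set_cookie_headers, page_scheme):
    """Return one finding per cookie.

    A cookie is 'exposed' when it can travel in cleartext: either the page
    that set it was served over plain HTTP, or the cookie lacks the Secure
    attribute and so is also attached to any http:// request to the site.
    """
    findings = []
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        secure = "secure" in attrs
        findings.append({
            "cookie": name,
            "secure": secure,
            "httponly": "httponly" in attrs,
            "exposed": page_scheme != "https" or not secure,
        })
    return findings


# Constructed sample response headers (not captured from any real site).
SAMPLE_HEADERS = [
    "session_id=abc123; Path=/; HttpOnly",
    "auth=def456; Path=/; Secure; HttpOnly; SameSite=Lax",
    "theme=dark; Path=/; Expires=Wed, 09 Jun 2032 10:18:14 GMT",
]

if __name__ == "__main__":
    for f in audit_cookies(SAMPLE_HEADERS, "https"):
        status = "EXPOSED on open Wi-Fi" if f["exposed"] else "ok"
        print(f'{f["cookie"]:<12} secure={f["secure"]!s:<5} {status}')
```

Any cookie reported as exposed that identifies a logged-in session should be reissued with the Secure attribute and served only over HTTPS.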
Ways to protect yourself: Most important, make sure that whatever website you are logging into and using in an unencrypted wireless environment is sending your information over an HTTPS connection. If you are unsure, don’t access it in public. If you have further questions about the security of the particular website you are trying to access, call the company that owns the website and make sure that it is protected against programs like Firesheep. If you have to access an open Wi-Fi connection, make sure that it is protected with either WPA or WPA2 encryption. Finally, never assume that you are safe to browse the internet in public, and never visit sites that have your personal or sensitive data on them unless they are encrypted.
For more information, please visit http://open.salon.com/blog/authorfreeman/2010/11/07/firesheep_faq







