What is Firesheep?
You haven’t got to be a genius to become hacker. As of autumn last year, a new creation has swept the Wi-Fi nation with a Firefox Plug-in called Firesheep, making social networking in open areas a vulnerable past time.
There are millions of cookies floating throughout the internet, which store information in your machine. A server sends you the cookie/HTTP cookie/web cookie and then your browser stores it until it gets sent back to the server again to wait irritatingly for your next arrival to that particular webpage. Cookies which are sent over insecure connections are easily grabbed and herded to play to its Sheppard the login process to the site you were just on. This is called HTTP session hacking or side hacking.
Firesheep does exactly this, but shows the user how simple it can be accomplished in a readable easy to use manner. All it takes is a few clicks to download and install the Firesheep add-on, open it and click ‘Start Capturing’. The system then starts to collect all readable accounts in the same Wi-Fi area as you, showing you social media accounts and blogs ext in the right hand side of the system which are just a double click away from the Sheppard’s beadi little eyes.
It’s not so advanced that you can change the users account information, but it does show the Sheppard all of the account holders details, such as personal messages and also allows the Sheppard to change the status of an individual. Mail systems such as Yahoo and Google seem pretty secure, but if left open on someone’s laptop, accounts still show up and set the sheep on fire. What the software does is copy these cookies and reuses them to enable the Sheppard to mimic your ‘Baaaaa’s’.
The whole reason for such an invention is to help advertise how vulnerable we are to hackers if we don’t have any safety in place, intelligently marketing full end encryption . Which leads me to my next point…
How To Protect Yourself from Firesheep Sheppard’s In Open Internet Fields!
Big websites such as Ebay, Amazon, online banking, and Google do have very secure networks in place, so you don’t have to worry about protecting yourself here. The effective fix is to implement full encryptions into sites that move cookies in a highly secured way called HTTPS or SSL.
What the hell is HTTPS and SSL??
Hyper Text Transfer Protocol Secure (HTTPS)is a connection between site and server that’s encrypted into a website to ensure safe e-commerce transactions, such as online shopping and banking.
By using HTTPS a code is agreed between computers that scrambles messages from one place to another, so no-one can decrypt them in between transactions or grab them for spamming.
A Secure Sockets Layer (SSL) is the bit in the middle the code uses to send the information between places. (Also known as TLS)
At the beginning of a web address, you normally see ‘http://www..’ but when a site is encrypted with Hyper Text Transfer Protocol Secure the beginning of a site starts with ‘https://www….’ showing the user that particular site is safe to use. Web browsers like Firefox and Internet Explorer also display a padlock icon in the address bar of secure sites so that users know they can trust it to keep their details safe. A site that connects via HTTPS encrypts the session with a digital certificate, installed by web site developers.
Facebook enable you to turn on the HTTPS option by venturing into your account settings, clicking on Account Security and then ticking the HTTPS secure browsing option.
Bare in mind that HTTPS is slower than the usual HTTP. This is the excuse many sites hold when defending their corners on the subject!
Twitter also allows users to do the same, with the HTTPS easily found in the /settings/accounts page.
WordPress-ers can stay safe with plugins such as http://wordpress.org/extend/plugins/wpssl/ and http://wordpress.org/extend/plugins/admin-ssl-secure-admin/ allowing you to put up a wall of water to drown those sheep.
Other sites are behind but a plug-in installation is available which turns sites across your browser to HTTPS, forcing the SSL software into that transfer code. https://addons.mozilla.org/en-US/firefox/addon/force-tls/ for Firefox users.
Firesheep is part of a flock of systems making relevant how un safe these open Wi-Fi areas are if you’re not protecting your cloud. Review your news and que a few new plugins and settings to secure your online personality!