In my last post, I talked about a new firefox extension called firesheep and how it can steal your logon sessions from websites like facebook. While visiting your local starbucks, or using your schools public wifi, who knows if there is someone else running firesheep on it. I’m curious to stop by the starbucks near my college and do some shoulder snooping. How much do you want to bet I’ll find someone running it?
While using a public wifi, if your only doing things like reading the news, then you don’t have to worry. It’s the people who are logging into various online services that have to worry. The best protection against someone using firesheep, is to not use public wifi or to avoid logging into sites. But this sucks, and that’s facebook (don’t know why i keep picking on facebook, lol) is probably 90% of the reason your even using the public wifi.
If you choose to continue using the public wifi, and want to log into your various accounts, the 1st method of protecting yourself is to use a VPN (virtual private network). Those of you who work from home (or starbucks!) you probably use a VPN to log into your workplaces network. VPN is good because it “tunnels” or encrypts data between your computer and the server running the VPN. Your cookies will be safe from anyone at the coffee shop, and so will all of your browsing habits. The downside of VPN is that if you don’t already have one set up, you have to pay per month for it. This could range between $7-$50 dollars a month. There are also ways to set up one on your home computer, but that’s for another posting.
The 2nd way of protecting yourself, is totally free, and that’s to force the website to use SSL on everything. You can do this easily by using some firefox extensions, like Force TLS and Facebook Secure. Unfortunately there is nothing out for IE or Chrome at the moment, but hopefully this simple attack will spur them into creating some way of forcing SSL connections on sites you specify.
Hopefully we will start to see sites providing some sort of encryption for everything and not just the login. For now though, at least you have some ways of protecting yourself.
VPN:
Extensions:
No comments:
Post a Comment