Released last October as an extension for the popular web browser Firefox, the program Firesheep has many people frightened. This add-on uses a security hole that is abundant throughout the web to gain access to people’s accounts when they log in. The program itself is relatively simple to manage; all a user has to do is start the program in a crowded area and wait.
There are a few restrictions to the program, and by knowing them, people can protect themselves from becoming victims. Firesheep can only steal information over a wireless connection. Use of a wired connection will prevent anyone from being able to steal data. This program waits for people using wireless devices to log into a website or database. Firesheep hijacks some of the wireless data, namely the authentication cookie that the website sends to the person who is logging into a site, and gives the person running Firesheep access to the page that the victim was logging into.
After a hacker gains access to the account, they have most of the same options the victim has when using the webpage. As long as the website never redirects the hacker to an area that requires another login, they will have free access to the victim’s account. This means hackers could send e-mails, make Twitter or Facebook posts and alterations, and gather sensitive or personal data.
The extreme solution is to not use a wireless connection to access websites on which you have data or personal information stored. A lot of websites have the potential to be exploited by this program, but there are some that have already taken the measures needed to protect their users. When logging onto a website, take note of the website address. If the address begins with “http,” then any login area on that website could potentially be exploited. If the web address begins with “https,” with the added s standing for secure, then the website is safe for use on wireless networks. Russ Feldhausen, computer support specialist for the K-State Department of Communications, said that K-State sites, such as K-State Online, iSIS and K-State Webmail, are all safe to use because they use SSL encryption on their sites, as denoted by the https web address.
Other sites that use secure encryption include Google Mail and PayPal. Some major sites that are not using secure encryption include Facebook, Twitter, Yahoo Mail and Windows Live/Hotmail.
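The address check described above can be written as a short script. The following is an added example, not part of the original article, and it goes one step beyond the address: it also reads the cookie's `Secure` attribute, which tells the browser to send the cookie only over https. The site names and cookie values are constructed for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit


def cookie_exposure(page_url, set_cookie_headers):
    """Classify each cookie a response sets by whether someone listening
    on the same open wireless network could read it."""
    scheme = urlsplit(page_url).scheme.lower()
    results = {}
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)  # parse one Set-Cookie header value
        for name, morsel in jar.items():
            if scheme != "https":
                # Page and cookie travel unencrypted over the air.
                results[name] = "exposed"
            elif not morsel["secure"]:
                # Set over https, but the browser will still attach it
                # to any later http:// request to the same site.
                results[name] = "at-risk"
            else:
                # Only ever sent inside the encrypted connection.
                results[name] = "protected"
    return results


# Constructed sample responses (not captured from any real site).
SAMPLES = [
    ("http://social.example/login", ["session=4f2a9c; Path=/"]),
    ("https://mail.example/login", ["auth=91bd07; Path=/; HttpOnly"]),
    ("https://bank.example/login", ["sid=c07e55; Path=/; Secure; HttpOnly"]),
]


def audit(samples=SAMPLES):
    """Run the check over every sample and return verdicts keyed by URL."""
    return {url: cookie_exposure(url, headers) for url, headers in samples}


if __name__ == "__main__":
    for url, verdicts in audit().items():
        print(url, verdicts)
```
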
The reason this program was initially released was to show that a majority of websites do not properly secure their login information. It was an attempt to force the hand of these companies to fix their issues, but do not let this program make you into a victim. If you need to access personal data on a website with private information, the best thing to do is to do it at home, or on a wireless connection you trust.