Tuesday, January 11, 2011

When Sheep go bad....Firesheep

Dear Reader, 
  I try to mix up the posts here with some knitting-related content and then some technology knitting-related content, but today I have some information for knitters, crocheters, weavers and all manner of fiber artists and muggles alike. It's the kind of sheep you don't want: it's Firesheep, and it is out there, everywhere, and trust me, the bad guys know about it. I googled this after a conversation with DH and found blog posts, articles and general discussions on the web about this program.

  I defer to the experts, but basically it is a program that will allow someone to hijack a page you have logged into at a Wi-Fi hot spot. For example, let's say you are in a local coffee shop with free Wi-Fi, or the mall, or a popular bookstore, and you sit down with your coffee and decide to see what your friends on Facebook are doing. You log in, and your password is encrypted and protected, but nothing else is. Someone with Firesheep sitting near you in the same coffee shop will see when you have logged onto Facebook and can then hijack your account and post things on your wall as if it were you, and your friends would never know it wasn't you. Here is how it works, as explained in an article found at PC World Magazine on-line by Sharon Machlis of Computerworld:

"All I had to do was download and install the add-on, open the Firesheep sidebar and click "Start Capturing." When her account appeared on the list, I double-clicked on it. Once I made sure that I wasn't logged into the same site myself with my own account, her account appeared in my browser.
Happily, I couldn't change her account information without knowing her password. But I could see all her friends, read her private messages and even issue a status update that went to all her friends."

Firesheep is a Firefox add-on and has been loaded hundreds of thousands of times already. So what can we do to protect ourselves? I found another great article at Computerworld by Gregg Keizer:
"The best defense, said Chet Wisniewski, a senior security adviser at antivirus vendor Sophos, is to use a VPN (virtual private network) when connecting to public Wi-Fi networks at an airport or coffee shop, for example.
While many business workers use a VPN to connect to their office network while they're on the road, consumers typically lack that secure "tunnel" to the Internet.
"But there are some VPN services that you can subscribe to for $5 to $10 a month that will prevent someone running Firesheep from 'sidejacking' your sessions," Wisniewski said.
A VPN encrypts all traffic between a computer -- a laptop at the airport gate, for instance -- and the Internet in general, including the sites vulnerable to Firesheep hijacking. "It's as good a solution as there is," Wisniewski said, "and no different, really, than using encrypted Wi-Fi."

The only other alternative would be to avoid open Wi-Fi spots, and that just seems like overkill. My personal advice: if you want to use social networking sites (and they are fun), and you use open Wi-Fi hotspots, because who isn't on the go, then be extremely careful what personal info you put on your profile pages. While the bad guys can still post messages that aren't from you, at least they won't be able to access or gain personal information.
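
An added example, not part of the original post or the quoted articles: Firesheep works because sites encrypted the login but then sent the session cookie over plain HTTP, where anyone on the same open Wi-Fi could read it. The Python sketch below audits a site's login response for cookies missing the Secure attribute; the cookie names and header values are constructed for illustration.

```python
# Added illustration: which cookies set at login would also travel over plain HTTP?
# All header values below are constructed samples, not captured from any real site.

WEAK_LOGIN_RESPONSE = [          # login over HTTPS, session cookie left unprotected
    ("Set-Cookie", "session_id=3f9a1c; Path=/; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/"),
]

HARDENED_LOGIN_RESPONSE = [      # every cookie HTTPS-only, browser told to stay on HTTPS
    ("Set-Cookie", "session_id=3f9a1c; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/; Secure"),
    ("Strict-Transport-Security", "max-age=31536000"),
]


def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_login_response(headers):
    """Report cookies lacking Secure (sent on plain-HTTP requests too) and HSTS presence."""
    exposed, hsts = [], False
    for key, value in headers:
        key = key.lower()
        if key == "set-cookie":
            name, attrs = parse_set_cookie(value)
            if "secure" not in attrs:
                exposed.append(name)
        elif key == "strict-transport-security":
            hsts = True
    return {"exposed_cookies": exposed, "hsts": hsts}


if __name__ == "__main__":
    for label, headers in (("weak", WEAK_LOGIN_RESPONSE), ("hardened", HARDENED_LOGIN_RESPONSE)):
        print(label, audit_login_response(headers))
```

A session cookie that shows up in `exposed_cookies` is the part of the visit that stays readable on open Wi-Fi after the encrypted login; the VPN advice quoted above covers the user when the site itself does not.
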
Happy Fiber Everything! 

1 comment:

Nancy McCarroll - Arts, Crafts and Favorites said...

Laughed (almost) when I have to think that no one would be interested in anything that any of my friends would say that would be of interest to anyone else. Some people must be awfully bored to peek in on others' Facebook pages. Who woulda thunk it?