SEARCH

Entries in Firesheep (1)

Monday
Oct252010

Privacy Hole Puts Website Login Info at Risk

Photo Courtesy - Getty Images(SEATTLE) -- If you sign into some of the Web's most popular sites through unsecured Wi-Fi networks (such as those available at airports and coffee shops), hackers could easily spy on you and steal your password information, according to Seattle-based software developer Eric Butler.

To show Internet users and websites the severity of this privacy hole, Butler created a free Firefox Web browser extension that, once downloaded, lets users hijack others' user information themselves.

Called Firesheep, the program lets users see who is connecting to the Internet through an unsecured Wi-Fi network.  Once someone connects to an open Wi-Fi network, the program shows the person's name and photograph.

Aaron Higbee, co-founder and chief technology officer of security firm Intrepidus Group, said Firesheep highlights the risks associated with public Wi-Fi networks.

Open Wi-Fi hotspots may be convenient for on-the-go Internet users but, he said, most consumers probably don't realize that when they connect to an open Wi-Fi network that does not have encryption, they're basically broadcasting their online session to everyone within listening distance.

Hackers could eavesdrop on these connections before Firesheep, but with the new program, this kind of online spying is easier than ever for a layperson, he said.

"Sometimes, that's what it takes for people to realize this is something...to be concerned about," he said.  If you plan to use a public Wi-Fi network to connect to your e-mail or social networking account or other sites that require authentication, Higbee recommends using a VPN (or virtual private network) application that protects a user's Internet session.

Steve Manuel, a senior at the University of Southern California, said that after reading about Firesheep on the technology blog TechCrunch, he found one possible way to protect users from Firesheep hackers. "I searched around for any tools that would force you to go to the secure version of that website," he said. Manuel said he found another Firefox extension called Force-TLS which, once downloaded, automatically takes a user from an unsecure website (http) to the secure version of the same site (https).

Not every website includes a secure version and Internet users should be careful about the kinds of information they exchange over a public Internet network, but Manuel said it seems that the Force-TLS extension should protect users accessing well-known websites like Facebook, Twitter and Google.

Copyright 2010 ABC News Radio







ABC News Radio