Monday, February 7, 2011

Firesheep

There's an extension for the Firefox web browser called Firesheep.  It lets anyone who installs it passively capture web site cookies.  Why is it a big deal?

For anyone who uses an unencrypted WiFi network, it means a "bad guy" with Firesheep can easily steal their web site cookies and use them to access private web sites.  If you ever use an unencrypted WiFi network, such as at a coffee shop, airport, or anywhere else, your Facebook, Google Mail, or other personal web accounts could be compromised.

Solutions?

1. Only use WiFi networks encrypted with WPA or WPA2.  Usually, this involves using a WPA-PSK or WPA2-PSK password.
2. If you use an unencrypted WiFi network, only access web sites over SSL (Secure Sockets Layer).  Some web sites don't provide SSL-enabled access, though.
3. Use a VPN (such as through your corporate network) when working from a WiFi network.
4. Only use a wired network.
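
For solution 2, SSL only helps if the site's login cookies are never sent over plain HTTP, which is what the cookie `Secure` attribute controls. The following is an added example, not part of the original post, that checks a site's `Set-Cookie` headers for session cookies missing that attribute; the sample headers and the `SESSION_HINTS` name patterns are constructed assumptions.

```python
# Added example: flag session-like cookies that lack the Secure attribute.
# A cookie without Secure is also sent on http:// requests, where anyone
# listening on an unencrypted WiFi network can read it.

# Constructed sample Set-Cookie header values (not from any real site).
SAMPLE_SET_COOKIE = [
    "session_id=abc123; Path=/; HttpOnly",
    "auth_token=def456; Path=/; Secure; HttpOnly",
    "lang=en; Path=/",
]

# Assumption: cookie names containing these substrings carry login state.
SESSION_HINTS = ("sess", "auth", "token", "sid")


def parse_set_cookie(header):
    """Return (cookie_name, has_secure_attribute) for one Set-Cookie value."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive; values (if any) are ignored here.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, "secure" in attrs


def exposed_cookies(headers):
    """Names of session-like cookies a browser would send over plain HTTP."""
    exposed = []
    for header in headers:
        name, secure = parse_set_cookie(header)
        looks_like_session = any(h in name.lower() for h in SESSION_HINTS)
        if looks_like_session and not secure:
            exposed.append(name)
    return exposed


if __name__ == "__main__":
    for name in exposed_cookies(SAMPLE_SET_COOKIE):
        print(f"{name}: no Secure attribute, sent in cleartext over http://")
```
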
