Web Hosting Security

  Home arrow Web Hosting Security arrow Firesheep: Ways to Counter attacks fro...
Web Hosting Articles  
Web Hosting FAQs  
Web Hosting How-Tos  
Web Hosting News  
Web Hosting Reviews  
Web Hosting Security  
Weekly Newsletter 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us 
Contact Us 
Site Map 
Privacy Policy 
  >>> SIGN UP!  
  Lost Password? 

Firesheep: Ways to Counter attacks from This New Firefox Add-on
By: wubayou
  • Search For More Articles!
  • Disclaimer
  • Author Terms
  • Rating: 5 stars5 stars5 stars5 stars5 stars / 2

    Table of Contents:

    Rate this Article: Poor Best 
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article



    Firesheep, the new add-on that gives its users the ability to hijack access to Facebook, Twitter, and other sites, has created worry among the online world. While the add-on does work in certain circumstances, there are ways to protect yourself from its attacks.

    Eric Butler, a freelance application developer from Seattle, introduced Firesheep recently at the ToorCon security conference in San Diego. Since its short release, Firesheep has already exceeded the 200,000 download mark, and that number is growing daily. The extension's popularity stems from the fact that it allows users to gain access to other people's accounts for websites such as Amazon, Flickr, Google, bit.ly, and the aforementioned Facebook and Twitter.

    Although, on the surface, hearing that account access can be hijacked by a simple add-on may be alarming, special circumstances have to exist in order for this to occur. For a person's account to be compromised by Firesheep, they must log on to an open wireless network, and they must visit an insecure site recognized by the add-on, such as those listed above.

    After installing Firesheep, the add-on creates a sidebar in the Firefox browser. If the Firesheep user connects to a open wireless network where others are present, they can then click on the interface's Start Capturing button. If anyone on the network is visiting an insecure site, their name and photo will appear. By simply double-clicking on the person, the Firesheep user then gains access to their account, and they can do as they please. 

    Firesheep takes advantage of the encryption or lack thereof on sites like Facebook and Twitter. While the task of logging on to the site may be encrypted, the traffic afterward usually is not, and the user's cookie is essentially "up for grabs" for any hackers who have access to the same open wireless network.  Butler created Firesheep to show how such websites are lacking in terms of encryption, and how they must improve the way in which they protect their members' privacy. 

    While the existence of Firesheep may be unnerving, security experts claim there are ways to protect yourself from its attacks. The first precautionary measure is to avoid connecting to public Wi-Fi networks that are not encrypted. If the network allows anyone to connect to it and does not require a password, stay away. 

    Other experts, however, claim that the Wi-Fi networks themselves are not the real problem. They place the blame on the insecure sites instead. As long as you do not visit insecure sites that use personal data while on an open Wi-Fi network, you should be fine.

    If you want to access your Facebook, Twitter, and other accounts while out and about, experts suggest using a virtual private network, or VPN. VPNs offer the advantage of encrypting traffic between your computer and the Internet. Many business professional have access to these, but access can also be purchased on a monthly basis from a provider such as Strong VPN. MiFi is another pricey option, which gives your your own Wi-Fi hot spot for around $50 per month. 

    Besides avoiding public Wi-Fi, using a VPN, or getting MiFi, Firefox users also have the option of downloading a couple of add-ons. Force-TLS and HTTPS-Everywhere are both free, and force the browser to use encryption on certain websites.  Although each of the precautionary methods offer their own merit, they all provide some sort of protection against Firesheep and its users.

    For more on this topic, visit the Computerworld story. 

    DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

    More Web Hosting Security Articles
    More By wubayou


    - For Online Security, Invest in People
    - World`s Third-Largest Botnet Bites the Dust
    - Yahoo Security Breach Highlights Poor Practi...
    - How to Prevent Mobile Malware
    - FBI Issues Internet Security for Travelers a...
    - More of the Top Internet Scams
    - How to Stop Phishing Scams
    - Social Networking Safety Tips
    - How to Avoid Financial Fraud Online
    - Android`s Most Notorious Trojans and Viruses
    - GFI Report Details Top 10 Threat Detections ...
    - Sophos Releases Security Threat Report 2012
    - Facebook Safety Tips for 2012
    - Email Scam Hits Apple Users
    - Tips for Mobile Security

    Developer Shed Affiliates


    © 2003-2019 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap