If you want to protect yourself from Firesheep, read this guide.
In late 2010, programmer Eric Butler released Firesheep, a Firefox web browser extension that demonstrates how easy it is for someone to hijack browser sessions over unencrypted and potentially unsafe networks. In particular, Firesheep intercepts cookies sent over an unencrypted network for login credentials, allowing potential hijackers to gain access to your Facebook and Twitter accounts, among others.
Firesheep is a compelling argument for encrypting not only the login process but also cookies created during the login process itself. Since Firesheep is meant to deter attacks, Firefox creators Mozilla Foundation does not consider it as malware and has so far refused to take it down from the official list of Firefox extensions. Thus, anyone, including those with bad intentions, can use the tool to gain access to your accounts on popular websites that still do not encrypt cookies during login sessions.
I’ve personally tested Firesheep, and I’ve seen how easy it is to reveal my own identity to potential attackers using the tool.
7 Steps To Protect Yourself From Firesheep
Until the day comes when all websites properly secure their login processes, you can protect yourself from Firesheep by taking the following precautions:
1. StepAvoid using free, open Wi-fi, or wi-fi networks that are not unencrypted. You are particularly vulnerable to a Firesheep attack over such a network.
2. StepIf you must use free, open wi-fi, make sure you’re connected to a virtual private network, or VPN. While this may not be a problem for some, particularly business users, if you don’t easy access to a VPN, be prepared to shell out a small amount monthly for a low-cost VPN service.
3. StepIf you have your own wi-fi network at home, make sure to encrypt your router with WPA2, which is far more secure than other, earlier encryption methods.
4. Step Switch to Firefox, which has two available add-ons, namely HTTPS-Everywhere and Force-TLS, that force the use of encrypted connections when accessing certain websites.
5. Step If you have the money, subscribe to a more expensive Mi-Fi service, which costs anywhere from $40 to $60 a month. A Mi-Fi device is naturally secure, as it encrypts traffic between your browser and the Internet.
6. Step Install Firesheep and make sure your accounts are not popping up on its list of accounts. Make sure not to use the tool to snoop on someone else’s data, though.
7. Step Install Blacksheep, a Firefox add-on that warns you if someone is using Firesheep over the network.
For the last two tips, remember that any determined hacker, using means similar to those employed in Firesheep , can still hijack your sessions even without using the addon.
Firesheep remains a popular download. Whether it’s being used to hijack sessions or as a learning tool, it doesn’t matter. What matters is that you know how to protect yourself from it. That is half the battle won.
