In the recent weeks Wi-Fi users have encountered yet another threat that has them concerned about their Internet security. Session hijacker Firesheep is the latest security threat that has Internet users wondering how to defend themselves while on the web.
What is Firesheep?
Firesheep is an extension for the web browser Firefox that lets people sharing your Wi-Fi network sniff out your login information to a number of sites, including most social networking sites, and log in as you. They can then make alterations to those accounts and perhaps discover sensitive data.
Firesheep was originally released as a way to encourage websites to take better measures to protect their users. Many websites don’t encrypt their users’ sessions from start to finish, making those sessions prone to hackers. This extension shows just how easy it is for people to hijack sessions on these websites and is making Internet users mindful of just how susceptible they are.
How is Firesheep a threat to me?
Since the introduction of Firesheep many people have taken advantage of the add-on in order to acquire access to other people’s accounts. Because of its fairly easy-to-use interface, hacking can now be done by just about anyone.
What Firesheep does is open a sidebar in the Firefox web browser that shows the hacker who else on that Wi-Fi network is logging into the vulnerable sites and lets him or her immediately start using their accounts. Because most social networking sites are not entirely encrypted, users of practically any of those sites are vulnerable to session hijacking.
How can I protect myself?
Programmers have worked quickly in response to Firesheep. In the weeks following the launch of Firesheep a number of applications have been built that are specifically designed to protect users from session hijacking.
- Force-TLS lets you identify sites on which you would like to force the use of the HTTPS protocol, making your cookies invisible to Firesheep http://bit.ly/9yf8Mr
- HTTPS Everywhere, like Force-TLS lets your browser change to HTTPS on any site you specify in the Firefox Add On Preferences menu http://bit.ly/cDMQIW
- VPN clients authenticate and encrypt anything sent while using the client. You can use your corporate VPN if you have one, or you can employ a pay VPN service such as AlwaysVPN http://bit.ly/ateKFK
These programs offer protection from session hijackers as well as
other hackers. It’s essential to keep in mind, however, that
Firesheep is just the latest in a continuous series of threats.
Protecting your information from Firesheep is essential but remember
to be conscious of other security threats and to be extra cautious
when using unsecured Wi-Fi.
Quite often Mac users operate under the assumption that they are immune to viruses and malware attacks. The truth is, Mac users make up a smaller percentage of overall users, constituting a smaller target, and thus yielding a smaller reward to the attacker. That is not the same as being bullet proof. Additionally, Microsoft has continually drawn the fire of the hacking community much more often than other companies offering operating systems and applications. This has fostered a false sense of security in the Mac user community. Malware can be written to infect anything, including phones and other handheld devices. 
Many computer users often dismiss security best practices because they find them inconvenient, they have never been affected in the past, or because they think the rules don’t apply to them. Many cling to the misguided belief that because they don’t bank or shop online, bad guys won’t target them. This post examines some of the more common ways that cyber criminals can use your PC.