Due in part to its use in hijacking people's Facebook pages, the Firefox add-on "Firesheep" has been getting a lot of press lately. I've had a couple of clients ask me how to avoid this particular type of attack.
Firstly, I don't really recommend the use of WiFi hotspots that are unencrypted. I know that in this day and age of free WiFi at every Starbucks it is difficult to live by this ideal; however, I think that it's important to be mindful that if a WiFi spot is "open", the traffic going over the network can be seen by the other machines in range of the network. This is an added risk inherent to unsecured wireless networks (yes, even your neighbor's).
Secondly, I recommend that you set all your important sites to use SSL (https) if this feature is available. Some services offer this but it has to be configured; other services (Gmail, for one) have it set up by default. I would not log in to any site that is not using SSL (again, the https:// in front of the URL) over an unsecured WiFi connection.
My final bit of advice is to be sure that your mobile devices (laptops, phones, etc.) are not set to automatically log in to services like Facebook if you use them on open wireless networks. My solution to this is that I never set up open WiFi connections to connect automatically, so that it is a conscious decision to connect, and I can ensure that I'm not logged in to anything that isn't using encryption prior to connecting.
Keeping aware of the level of security that the network you are connected to is using is important, and is the only surefire way to ensure that you aren't a victim of hijacks like Firesheep.
Thursday, November 11, 2010