Ever heard of Firesheep? Firesheep is a Firefox (web browser) plugin that allows a bad guy to hijack an open session and pretend they are you. This means that, for instance, if you are logged into Facebook, said bad guy can take over your session with only a few clicks.

However, just so you don’t panic:
- You are only vulnerable if you are logged in over public (unencrypted) wifi
- Your banking service and many financial transactions are safe – look for the “https:” and padlock in your browser. If this is present, you are fairly safe to use it over public wifi – although read the warnings below. In fact, only a limited subset of websites are vulnerable, facebook.com unfortunately being an example!
The author of the tool released it for testing purposes and to push the internet into becoming more secure. It's important to note that similar tools have been available to really bad guys for some time now – the release of this tool has served primarily to push this information into the limelight.

How can you protect yourself as a user?
- Use a VPN service to encrypt all traffic as it leaves your PC – this is handy if you have a laptop
- Plug in physically wherever possible – this isn’t 100% protection, but it does keep you safe most of the time
- Be aware that problems are worse in 3rd world countries
- Ensure all financial transaction sessions are encrypted – run over SSL connections with the padlock icon and "https" visible in the URL bar
- Eavesdropping is the only thing SSL actually protects you from, as the connection between your PC and the server then cannot be intercepted