Monday, 1 November 2010

Beware of the Fire Sheep

There's been a new development in terms of internet security that everyone needs to be aware of, but I'm telling you about it here because unless you're an avid follower of technology news you've probably missed it, even though it's of vital importance.

What this relates to is hacking the accounts of people connecting to the internet through unsecured wifi connections, i.e. where you connect to an open wireless access point in a coffee shop or similar that doesn't require you to enter a password before going onto the internet. While hackers, using various obscure bits of software, have been able to break into other people's connections via this method for a while, it's just got a lot easier with a simple add-on to the Firefox browser called 'Firesheep'. Once it's installed, it displays a list of all of the sites that people are logged onto around you, and allows you to log in to their session, whether they're on Facebook, Twitter or whatever, with a single mouse-click. They're not actually stealing your username and password (well at least not initially!) - what the software is doing is copying the 'cookie' which your browser sent to identify you to the site for that session and then reusing it, allowing the Firesheep user to impersonate you. Because they're coming from the same IP address and using the same identifying cookie as you, the website at the other end has no way of telling you apart!


Now before you run screaming for the hills there are various ways to protect yourself against this kind of attack. Not being a security professional I don't feel qualified to go into the nitty gritty detail, but it isn't necessarily difficult to make sure that you're surfing safely - in fact some of the more forward-thinking and responsible websites already do all of the hard work for you - Amazon and Google (and very probably your bank) are good examples, because they use secure methods while logging you into their respective sites. There are articles on Lifehacker and on TechCrunch that will give you all of the advice that you need, and for the more technically minded there's a very involved discussion on last week's podcast from Leo Laporte and Steve Gibson - Security Now Episode 272.
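
For anyone who runs a website, the exposure described above can be checked from the cookies the site hands out: a session cookie that lacks the Secure attribute, or that is set over plain HTTP, travels unencrypted and can be copied on an open network. The Python sketch below is an added example, not part of the original post; the URLs, cookie names and values are constructed sample data, and the `session_names` parameter is a hypothetical way of telling the checker which cookies identify a login.

```python
"""Flag cookies that would cross an open Wi-Fi network unencrypted."""

# Constructed sample responses (not captured from any real site).
SAMPLE_RESPONSES = [
    {"url": "https://shop.example/login",
     "set_cookie": ["session=9f2c; Path=/; Secure; HttpOnly"]},
    {"url": "https://social.example/login",
     "set_cookie": ["sid=ab12; Path=/; HttpOnly", "theme=dark; Path=/"]},
    {"url": "http://forum.example/login",
     "set_cookie": ["auth=77de; Path=/; Secure"]},
]


def parse_set_cookie(header):
    """Return (cookie name, set of lower-cased attribute names)."""
    first, *attrs = [part.strip() for part in header.split(";")]
    name = first.split("=", 1)[0]
    flags = {a.split("=", 1)[0].lower() for a in attrs if a}
    return name, flags


def exposed_cookies(responses, session_names=None):
    """List (url, cookie, reason) for cookies readable by a passive listener.

    session_names: optional set of cookie names that identify a login
    (an assumption supplied by the caller); None means report every cookie.
    """
    findings = []
    for resp in responses:
        over_http = resp["url"].lower().startswith("http://")
        for header in resp["set_cookie"]:
            name, flags = parse_set_cookie(header)
            if session_names is not None and name not in session_names:
                continue
            if over_http:
                # The whole response, cookie included, was sent in the clear.
                findings.append((resp["url"], name, "set over plain HTTP"))
            elif "secure" not in flags:
                # The browser will also send this cookie on http:// requests.
                findings.append((resp["url"], name, "missing Secure attribute"))
    return findings


if __name__ == "__main__":
    for url, name, reason in exposed_cookies(SAMPLE_RESPONSES):
        print(f"{url}: cookie '{name}' {reason}")
```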

Just remember, be careful out there!
