How to protect against Firesheep attacks
Experts suggest defensive measures to ward off Firefox add-on's hijacking of Facebook, Twitter sessions via Wi-Fi
Computerworld - Security experts today suggested ways users can protect themselves against Firesheep, the new Firefox browser add-on that lets amateurs hijack users' access to Facebook, Twitter and other popular services.
Firesheep adds a sidebar to Mozilla's Firefox browser that shows when anyone on an open network -- such as a coffee shop's Wi-Fi network -- visits an insecure site.
Since researcher Eric Butler released Firesheep on Sunday, the add-on has been downloaded nearly 220,000 times.
"I was in a Peet's Coffee today, and someone was using Firesheep," said Andrew Storms, director of security operations at San Francisco-based nCircle Security. "There were only 10 people in there, and one was using it!"
But users aren't defenseless, Storms and several other experts maintained.
One way they can protect themselves against rogue Firesheep users, experts said on Tuesday, is to avoid public Wi-Fi networks that aren't encrypted and available only with a password.
However, Ian Gallagher, a senior security engineer with Security Innovation, argued that tosses out the baby with the bathwater. Gallagher is one of the two researchers who debuted Firesheep last weekend at a San Diego conference.
"While open Wi-Fi is the prime proving ground for Firesheep, it's not the problem," Gallagher said in a blog post earlier on Tuesday. "This isn't a vulnerability in Wi-Fi, it's the lack of security from the sites you're using."
Free, open Wi-Fi is not only taken for granted by many, but it's not the problem. There are plenty of low-risk activities one can do on the Internet at a public hotspot, including reading news or looking up the address of a nearby eatery.
So if Wi-Fi stays, what's a user to do?
The best defense, said Chet Wisniewski, a senior security adviser at antivirus vendor Sophos, is to use a VPN (virtual private network) when connecting to public Wi-Fi networks at an airport or coffee shop, for example.
While many business workers use a VPN to connect to their office network while they're on the road, consumers typically lack that secure "tunnel" to the Internet.
"But there are some VPN services that you can subscribe to for $5 to $10 month that will prevent someone running Firesheep from 'sidejacking' your sessions," Wisniewski said.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- BlackBeard Case Study In this case study, learn how a business with 95% of revenues generated online was hit by DDoS attacks over a 6-month period,...
- Four Ways DNS Can Accelerate Business Growth This e-book describes how DNS has developed over the years to support business growth as new needs have emerged, for example, advanced traffic...
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Network Security White Papers | Webcasts