Sunday, October 31, 2010

Wi-Fi Hotspots and Theft of Your Personal Data

Ever use an open Wi-Fi network at Starbucks, Panera, McDonald's or elsewhere? Do you mind sharing all the information contained in your email account, Amazon account, Facebook, etc., with strangers? If so, you'll want to read this.


Last week one of my favorite podcasts, Security Now!, discussed a new Firefox browser add-on called Firesheep. That software makes it easy for someone sharing certain kinds of network connections (e.g., wireless hotspots) to access personal data maintained on several websites.


According to Steve Gibson, host of Security Now!, Firesheep includes support for the following sites:


Amazon, Basecamp, bit.ly, eNom, Facebook, Foursquare, GitHub, Google, Hacker News, Harvest, The New York Times, Pivotal Tracker, Twitter, ToorCon, Evernote, Dropbox, Windows Live, Cisco . . . Slicehost, Gowalla, and Flickr.

Most, if not all, of these sites take precautions to make sure users' passwords are not readable when they log on. Immediately afterward, however, these sites revert to unencrypted communication, using a certain methodology for tracking individual users after they've logged in.


It's at that point that it becomes fairly easy for someone else to use that tracking mechanism to gain the same access to the site as the person who just logged into it.


The ultimate solution is for these sites to maintain an encrypted link with users for the entire session rather than just while entering passwords.
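For site operators, here is an added example (not from the podcast or from Firesheep itself) of checking whether a login response lets the session leave the encrypted link. The tracking mechanism in question is the session cookie; the header sets, cookie names and the example.test host below are constructed for illustration.

```python
# Added example: audit a login response for ways the session can leak in cleartext.
# Both header sets are constructed samples; example.test is a placeholder host.
WEAK_LOGIN_RESPONSE = [
    ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "csrf=xyz789; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/"),
    ("Location", "http://www.example.test/home"),
]
HARDENED_LOGIN_RESPONSE = [
    ("Set-Cookie", "session_id=abc123; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/; Secure"),
    ("Strict-Transport-Security", "max-age=31536000"),
    ("Location", "https://www.example.test/home"),
]


def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names) for one Set-Cookie value."""
    first, *attrs = [part.strip() for part in value.split(";")]
    name = first.split("=", 1)[0]
    return name, {a.split("=", 1)[0].lower() for a in attrs if a}


def audit_login_response(headers):
    """List the reasons a session started by this response could cross the network unencrypted."""
    findings = []
    seen = {key.lower() for key, _ in headers}
    for key, value in headers:
        if key.lower() == "set-cookie":
            name, attrs = parse_set_cookie(value)
            if "secure" not in attrs:
                # Without Secure the browser attaches the cookie to http:// requests as well.
                findings.append(f"cookie {name!r} lacks Secure")
        elif key.lower() == "location" and value.lower().startswith("http://"):
            findings.append(f"post-login redirect drops to cleartext: {value}")
    if "strict-transport-security" not in seen:
        findings.append("no Strict-Transport-Security header")
    return findings


if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK_LOGIN_RESPONSE), ("hardened", HARDENED_LOGIN_RESPONSE)):
        print(label, audit_login_response(hdrs) or "no findings")
```
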


That's going to take a while, but thanks to Firesheep, that might become a priority for each of these websites now.


Meanwhile, steer clear of open wireless hotspots unless you use a VPN or some other way of securing your connection. Hotspots offering encryption known as WPA (which most home wireless users have by default) provide some protection against this hack.


1 comment:

  1. I am pretty sure that is how my Gmail was hacked. I went on to
    Wi-Fi at McDonald's while in Virginia. Big mistake.
    Could that have been prevented if I had MiFi?
