Firesheep may scare you off the Internet

Firefox logo.

Here's a word you'll soon be afraid of: Firesheep. It's a new free downloadable add-on to the Firefox web browser. Over 100,000 people have downloaded it so far.

As we reported yesterday, with Firesheep, someone can get on an open wireless network, cafe or hotel whatever, see who is on there, double-click a name, and access what that person's doing online. So someone is logged in as you on Facebook, on Twitter, any unencrypted site.

Seattle software developer Eric Butler says he created Firesheep to call attention to the inherent security problems presented by unsecured networks and by unencrypted web sites. Big name sites like Facebook or Twitter will encrypt your password as you log in, but after that a lot of that information is out there for the taking. Firesheep intercepts Internet "cookies" -- the little data packets web sites put on your computer to recognize you when you return. While sophisticated hackers have been able to do this for years, Firesheep lets anyone do it. You, me, anyone can have it up and running and hacking in five minutes or so.

Security experts are recommending a few methods to fight back against Firesheep. For one, don't connect to public Wi-Fi systems. Another: connect to a VPN (virtual private network) when accessing free Wi-Fi to limit access to your data by Firesheep. There are also add-ons for Firefox, including one extension called Force-TLS 2.0, which creates an encrypted connection when you visit certain sites like Facebook.

We talk with Chet Wisniewski from the security firm Sophos about what you should and should not be doing in a Firesheep world. We also send BoingBoing.net science editor Maggie Koerth-Baker to her local coffee shop armed with Firesheep. She spies on herself.

Comments

I agree to American Public Media's Terms and Conditions.
With Generous Support From...