Firesheep (http://www.codebutler.com/firesheep) is a Firefox extension that allows anyone to snoop login information off of unsecured wireless connections. This includes Gmail, Yahoo, Cisco, Foursquare, and Facebook. It even lets you add sites to capture even more sensitive, unsecured information. Needless to say, it’s a threat to any user connecting via unsecured wireless networks.
The developer who created this extension has ethical reasons – to get Facebook, Yahoo, etc. to use HTTPS connections exclusively in order to protect privacy. That’s admirable to an extent. In this case, though, the end does not justify the means. Sure, these sites will lose users as more people are hacked, but do we really need to expose these vulnerabilities to the whole world (and make them point-and-click easy) just to effect change? An ethical hacker-anarchist is a hard pill to swallow.
So what can the average Joe do? FireShepherd (http://www.downloadsquad.com/2010/10/29/fight-firesheep-with-fireshepherd/) is another Firefox extension that, if run on a potential victim’s computer, will crash any active Firesheep sessions on the unsecured wireless network. So wait – a hacker using Firesheep can do the following:
- Buy stuff off your Amazon account
- Change your Facebook relationship status and religious views
- Post rotten pics on your flickster
- Send email from your Google account
- Post a blog on your WordPress
- Pinpoint your location on Foursquare
In retaliation you can:
- Crash Firesheep
Really? That’s it?