Firefox Extension Firesheep Puts Website Login Info at Risk

If you plan to use a public Wi-Fi network to connect to your e-mail or social networking account, or other sites that require authentication, Higbee recommends using a VPN (or virtual private network) application that protects a user's Internet session.

Use VPN Applications If Connecting Over Public Wi-Fi

If you use a work laptop, chances are your office has provided one for you to use. And if you primarily use a personal laptop in transit, Higbee said it might make sense to use a low-cost (or free) VPN program that costs about $5 a month.

Instead of using public Wi-Fi, he also suggested tethering your laptop to your smartphone (assuming it allows tethering) and using the phone's data plan to connect to the Internet.

The 3G connection may not be as fast as a Wi-Fi connection, but it's much safer, he said.

As for the websites themselves, while Higbee said he understands that it's not a "trivial undertaking" to encrypt an entire Internet session, he said that, at minimum, sites could notify users if others were using their cookies or potentially eavesdropping on their activity. Some applications, such as AOL Instant Messenger and Gmail, already employ similar safeguards.

"They absolutely could do that and put that warning in front of somebody," he said.

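One way a site could spot the cookie reuse Higbee describes, as an added example that is not from the article or from any site it names: flag a session cookie that arrives from two different client fingerprints within a short window. The log format, the 300-second window and the sample requests are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed threshold: two fingerprints using one cookie within this many
# seconds are treated as concurrent use rather than a user changing networks.
WINDOW_SECONDS = 300

# Constructed sample request log: (timestamp, session cookie, client IP, User-Agent)
SAMPLE_REQUESTS = [
    (1000, "sess-A", "203.0.113.7", "Firefox/3.6 (Windows)"),
    (1030, "sess-B", "198.51.100.4", "Safari/5.0 (Macintosh)"),
    (1060, "sess-A", "203.0.113.7", "Firefox/3.6 (Windows)"),
    # Same public IP (shared Wi-Fi behind NAT) but a different browser
    (1090, "sess-A", "203.0.113.7", "Firefox/3.6 (Macintosh)"),
    (1120, "sess-A", "203.0.113.7", "Firefox/3.6 (Windows)"),
    # Same user, much later, on a different network: not concurrent
    (5000, "sess-B", "192.0.2.55", "Safari/5.0 (Macintosh)"),
]


def find_shared_sessions(requests, window=WINDOW_SECONDS):
    """Return {session: [timestamps]} for requests where the session cookie
    was also used by a different (IP, User-Agent) pair within `window` seconds."""
    last_seen = defaultdict(dict)  # session -> {fingerprint: last timestamp}
    alerts = defaultdict(list)
    for ts, session, ip, agent in sorted(requests):
        fingerprint = (ip, agent)
        for other, seen_at in last_seen[session].items():
            if other != fingerprint and ts - seen_at <= window:
                alerts[session].append(ts)  # candidate for a user-facing warning
                break
        last_seen[session][fingerprint] = ts
    return dict(alerts)


if __name__ == "__main__":
    for session, times in find_shared_sessions(SAMPLE_REQUESTS).items():
        print(f"{session}: cookie used by more than one client at {times}")
```

Because everyone on the same hotspot usually shares one public IP address, the IP alone rarely separates two clients, and a client presenting identical headers from that address is not distinguishable by this check. It supports a warning to the user; it does not replace encrypting the session.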
Firefox Extension Force-TLS Could Protect Users From Firesheep Exploit

Steve Manuel, a senior at the University of Southern California, said that after reading about Firesheep on the technology blog TechCrunch, he found one possible way to protect users from Firesheep hackers.

"I searched around for any tools that would force you to go to the secure version of that website," he said.

Manuel said he found another Firefox extension called Force-TLS which, once downloaded, automatically takes a user from an unsecure website (http) to the secure version of the same site (https).

By default, Web browsers take users to unsecure websites because they're faster to load than the secure version and, usually, safe enough for an Internet session.

But in environments where Internet sessions may be open to eavesdropping, the secure version adds a layer of protection by encrypting information flowing between the user and the website.

Not every website includes a secure version and Internet users should be careful about the kinds of information they exchange over a public Internet network, but Manuel said it seems that the Force-TLS extension should protect users accessing well-known websites like Facebook, Twitter and Google.
