Tuesday, November 2, 2010

Is “Staying Connected” a Good Thing?

Today, competing IT companies are trying to find the most convenient ways for you to “stay connected.” Through your phone alone you can be logged into your email, Facebook, Twitter, Google account, and almost anything else. But is staying connected to everything a good thing? Not when someone can access everything you’re currently logged into.

Through a new extension to Mozilla Firefox called Firesheep, it is possible for people on an open network to hijack the personal accounts of others who are currently logged into them. Amy Gahran of CNN.com tried this program out at a coffee shop where, after a quick installation, she was able to pull up the Facebook and Google accounts of the people around her who were using the same open WiFi network. Not only could she pull their accounts up, but she could also navigate through them as if they were her own. This is called “sidejacking” and is defined by Webopedia as “the malicious act of hijacking an engaged Web session with a remote service by intercepting and using the credentials that identified the user/victim to that specific server.”

Gahran claims that Firesheep can only detect network traffic if it passes through a web browser, giving the example that her Twitter account was inaccessible because it was open in TweetDeck, which is third-party software. However, this information is hardly comforting. Having your Google account alone hacked is incredibly dangerous because all the rest of your Google accounts, including Gmail, Google Health, Google Calendar, Google Docs, and several more, are connected. This means that if someone is sidejacking you while you simply search for something in Google on an open WiFi network, they can not only learn your name and contact information, but also see your medical history and your schedule and read your emails and personal documents. Your identity can be stolen just that simply and just that quickly. You can avoid this by avoiding open networks and, when on your cell phone, sticking to your carrier’s network.

The creator of Firesheep, Eric Butler, claims that he invented the program to prove the weakness in web browser security and how feasible sidejacking is. His point was surely proven, for now anyone on any computer is capable of sidejacking. Although Butler arguably created a monster that potentially made it easier for sidejackers to get the job done, if he hadn’t created so much commotion with Firesheep, this much attention would probably never have been brought to the danger of sidejacking, and many people would never even know that they need to protect themselves against it. Before now, most people still believed usernames and passwords to be protected on web browsers, trusting in their network’s security too much. It is better to have pointed out the problem now than after massive attacks and scams, when it is too late. This way, websites and online services can work on improving their security and, since the problem has become public, it can't be ignored.


http://www.cnn.com/2010/TECH/mobile/11/01/firesheep.wifi.security/index.html

1 comment:

Matthew Pallis said...

This article is without a doubt an eye-opener. The fact that someone could access any of my information at any time, just by using the same wireless network that I am using, is a little disconcerting. The first thing I thought of when reading this blog is how often I access my personal information on open networks. Any place where there is free wifi advertised is a place where there is an open network. Apparently this leaves me, and everyone else using the network at that time, open to sidejacking. Just like anyone else today, I access personal information online quite a bit. I log onto my Facebook account, my Loyola email account, my Yahoo email account, and my Blackboard account multiple times every day. I also use the Bank of America website to check my bank statements online. I think it is an even scarier thought that my banking information could be stolen. I never thought of or even realized how vulnerable I am, and everyone else for that matter, and how many times throughout the day I could have my information taken from me.
I had never heard of this Firesheep program before I read this blog. I am not really sure why someone would create a program that makes it easier for hackers to steal information, but it just shows that some extra security measures need to be taken. The creator of Firesheep has shined a light on some big problems that Mozilla Firefox and other browsers need to fix. If this is not fixed people will continue to sidejack and take information. The part of this that I find most scary is the fact that when someone sidejacks your information, they can navigate the page you would use as if it were their own. This means they can literally get any of the information about you that is on the site you are using. And it really does not take a whole lot of time to find the information that these hackers would be looking for.
Between this new program and the different ways hackers can get your information from ATMs or even when you are making a phone call, it makes it very apparent how easy it is for people to hijack information. Especially with the way the world is today, with everyone accessing their accounts all the time (and everyone has multiple accounts), people need to take extra precautions to make sure they are safe. The blog mentions that using the browser that comes on your phone is one way to help, so making sure to do this is absolutely something I will make sure I do. I would also make sure that I utilize the third-party software that comes with many of the applications on my phone. Everyone should be aware of the dangers that are out there, because this is definitely not something you want to be completely oblivious about. There is just too much at stake.