25 October 2010

Firesheep. Possibly the best web security learning tool!

So many other people have written about this new simple application that I won't go into detail. TechCrunch do that much better than me anyway. If you've managed to miss the news then there's a simple little tool available that will not only show you who in your vicinity is using an open wireless network but enable you to log in to their facebook, twitter, amazon accounts using their log-in (and there's a massively long list of more).

If you fancy trying it out the you need Firefox 3.6+ as Firesheep is an extension to that browser. The extension doesn't appear obvious in a search for Firefox extensions which is probably wise and I'm not going to publish it here. It isn't that difficult to find, though. Windows users will also need to install Winpcap first. Once you've installed the Firefox extension a sidebar is available which displays all the icons and screen names of people using unsecured sites around you. Click on one and you're free to run around their pages! Hacking my youngest could manage while reading Noddy Goes Shopping.

Being unusually responsible, here's a link to suggestions for another Firefox extension Force-TLS which will help you protect several (but not all!) of your accounts. The TechCrunch article author, Alexia Tsotsis accepts that this is of no help to the vast majority who'll be using Internet Explorer (or Google Chrome, Opera, Safari etc. etc.) but promises to publish more on that soon. Watch that space.

graphic by Dave Hoffman

Perhaps this will be the wake-up call we all need to be more careful about our on-line activity. I have no doubt that there will be patches and adjustments galore in the background, even attempts not to frighten us all with this story in mainstream news items, and a lot of people are very concerned to fix things today and it will all go quiet soon enough. In the meantime, though, just give it a try and I promise you it will be the most effective learning experience on the topic of internet security short of being fleeced for a few grand by a dodgy Luton fuel station till operator.

1 comment:

Anonymous said...

has firesheep been released yet? is an app? i have just installed a thawte ssl on my ecommerce site and am looking to improve security.