When the New York Times published the article, New Hacking Tools Pose Bigger Threats to Wi-Fi Users the other day, it was the first time many Wi-Fi users heard of the easy-to-use Mozilla Firefox hack plugin, Firesheep. This simple to download and use plugin makes it so easy for low-tech hackers to snoop innocent users’ non-https secured web pages (like Facebook, Twitter, etc. which are http sites) from the comfort of unprotected networks like coffee shops, book stores, cafes, apartment complexes, etc.
Internet technology expert, Adam Jackson, founder of Jackson Technology, has made a list of preventative actions anyone can take to mitigate the risk/threat from Firesheep when connected to a public/open wireless network.
1. If you use Mozilla Firefox, the EFF has released an add-on called HTTPS Everywhere. While not perfect (the destination website has to support HTTPS, of course), it does help some.
2. You could connect to your home/remote PC and do your web browsing remotely, thereby bypassing the potential for session hijacking (how Firesheep works). I use TeamViewer, which is free for personal use and works quite well.
3. You could be counteractive, and install the BlackSheep add-on for Firefox. While this won’t protect you, it will alert you to usage of Firesheep on the wireless network.
4. USE DIFFERENT PASSWORDS FOR EVERY WEBSITE. Seriously. Keep track of them using a password management tool. I personally use KeePass, as there is a client for Windows, Linux, Android, and just about every other platform you can think of. The benefit here of course is WHEN a username/password gets compromised, the risk is reasonably mitigated. And just remember, websites can and do get compromised and username/passwords are stolen. Just in the past two or three weeks, eHarmony was compromised.
5. Keep Windows and all your software up to date. Install updates when prompted. Use, anti-virus software (I use Microsoft Security Essentials). Use or enable Windows Firewall. These alone won’t protect against Firesheep, but will support overall system security.
Firesheep aren’t the meek animals we remember from our nighttime story hour or the round fluffs we glimpse in country pastures, they are malicious digital grazers of our personal freedom and information. The worst thing we can do is to let fear stop us from using social media wherever we wish, so do take Mr. Jackson’s advice to protect yourself before you too become a Firesheep meal.
Two possible ways to avoid the Firesheep packet sniffing that come to mind: 1) use your corporate or home VPN whenever possible, and 2) use your smart phone’s tethering capability or the 3G dongle you may already have. Both of those will encrypt traffic, making your sessions immune to Firesheep.