I read several technical blogs about Firesheep, a plugin for the Firefox browser that lets the user scan any unencrypted network, such as public Wi-Fi, for cookies belonging to websites such as Facebook and Twitter, and then use those cookies to access the corresponding Facebook and Twitter accounts.
How, you may ask? Cookies store information about the session. This lets you navigate away from Facebook and return without needing to log in again. Handy and useful, but this is the same feature that Firesheep exploits.
We begin to wonder whether session encryption using the HTTPS protocol should be a primary consideration, given that Facebook has such a large pool of users and has been subject to several security problems in the past. My friends at ESET seem to think so. Read their blog on this here.
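As an added illustration (not from the original post or from ESET), the check below audits `Set-Cookie` headers for the condition that makes this kind of sniffing possible: a session cookie that is set over plain HTTP, or that lacks the `Secure` attribute and so is also sent by the browser on unencrypted requests. The host `social.example`, the cookie names and the name-matching heuristic are assumptions, and the sample headers are constructed.

```python
# Added example: the headers below are constructed, not captured traffic.
SAMPLE_RESPONSES = [
    # (URL that returned the response, Set-Cookie header value)
    ("http://social.example/login", "session=abc123; Path=/; HttpOnly"),
    ("https://social.example/login", "session=abc123; Path=/; HttpOnly"),
    ("https://social.example/login", "session=abc123; Path=/; Secure; HttpOnly"),
    ("https://social.example/home", "theme=dark; Path=/"),
]

# Assumption: a simple naming heuristic to spot session-bearing cookies.
SESSION_HINTS = ("sess", "auth", "token", "sid")


def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, lower-cased attribute dict)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit(url, header):
    """Return the findings for one Set-Cookie header (empty list means ok)."""
    name, _, attrs = parse_set_cookie(header)
    if not any(hint in name.lower() for hint in SESSION_HINTS):
        return []  # not a session cookie by our heuristic
    findings = []
    if url.lower().startswith("http://"):
        findings.append("set over plain HTTP, visible on an open network")
    if "secure" not in attrs:
        findings.append("no Secure attribute, also sent on http:// requests")
    return findings


def audit_all(responses):
    """Audit every (url, header) pair and return (url, cookie name, findings)."""
    return [(url, parse_set_cookie(h)[0], audit(url, h)) for url, h in responses]


if __name__ == "__main__":
    for url, name, findings in audit_all(SAMPLE_RESPONSES):
        print(f"{url} {name}: {'; '.join(findings) if findings else 'ok'}")
```

The second sample is the case to watch for: the login page itself is on HTTPS, but without `Secure` the browser still sends the session cookie on any later unencrypted request to the same site.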
Of course, there is also the issue of unencrypted wireless transmission. Does anyone still leave their wireless open without some form of encryption? Most recent wireless routers are capable of doing WPA without performance impact. Aryeh Goretsky has some thoughts about this issue in light of the discovery of Firesheep. Read more on that here.
So be careful about accessing Facebook via public Wi-Fi connections while waiting for this to be fixed. Those deploying wireless routers: take a look at your wireless configuration and ensure you use at least WPA encryption. Even if your wireless router does not support WPA-based encryption, WEP will do, and this helps prevent noobs (someone with very little or no knowledge) from sniffing your cookies...
This blog is maintained by Basic Gateway as the distributor of ESET products since 2005.