TechBite: A Very Serious Threat


By Steve Bass

You’re at Starbucks, busy working on your Facebook page. Bad news: The guy at the next table is a hacker, and he’s also working on your Facebook page. Sit tight: I have a few ways for you to make yourself invisible to hackers.

One Very Serious Threat

There’s a pervasive, serious Facebook and Twitter exploit that leaves you wide open to any and every hacker who can download a simple-to-use, free tool called Firesheep. It’s a threat if you’re using an unsecured, public Wi-Fi network, typically available at an Internet cafe, airport, hotel, or RV campground.

Last week TechBite paid subscribers got the first dispatch about this in the Extra newsletter; here’s a more detailed version.

The Hacking Tool

Firesheep is an HTTP session hijacker that runs as a Firefox extension and sniffs around for cookies on any unsecured Wi-Fi connection.

When you log onto Facebook, Twitter, or any of over 26 other social networking sites, your computer sets a session cookie. A person running Firesheep can read the cookie and log onto your Facebook page. Then he (okay, or she) can do anything from your Facebook account, such as send e-mail or write on a wall.

Every browser is vulnerable to the exploit.

The one saving grace is that Firesheep doesn’t have access to your password — that’s encrypted and safe. If the hacker tries to change it from within Facebook, you’ll get an e-mailed alert. But everything else on Facebook is fair game.

Download and try Firesheep if you don’t believe me. There’s nothing as shocking as reading a stranger’s Facebook or Twitter account without their knowledge or consent. It might actually motivate you to do something to protect yourself.

Who’s Behind Firesheep?

Firesheep’s author has an open agenda: to force social networking sites to make the entire online session secure, just as the online banking sites do. (When you’re on PayPal or your bank’s site, you’ll see an icon of a lock somewhere on your browser, and the link will start with “https” rather than just “http.”)

I think it’s a dang stupid way of getting people to see the problem, but what do I know?
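What "making the entire online session secure" looks like from the site operator's side, as an added example that is not from the original column: a check that flags session cookies which would travel unencrypted and so be readable on open Wi-Fi. The host names, cookie names, and values are constructed, and the HSTS check goes one step beyond what the column discusses.

```python
# Added example: audit HTTP responses for cookies a Wi-Fi sniffer could read.
# All hosts, cookie names and values in SAMPLE are constructed for illustration.

def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie_name, {attribute: value})."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return "", {}
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name, attrs

def audit_response(url, headers):
    """Return [(cookie_name_or_None, problem_code)] for one response.

    headers is a list of (name, value) pairs so repeated Set-Cookie lines survive.
    """
    findings = []
    over_tls = url.lower().startswith("https://")
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(value)
        if not over_tls:
            # Issued in cleartext: readable on open Wi-Fi the moment it is set.
            findings.append((cookie, "SET_OVER_HTTP"))
        elif "secure" not in attrs:
            # Issued over HTTPS, but the browser replays it on any http:// request.
            findings.append((cookie, "NO_SECURE_FLAG"))
    if over_tls and not any(n.lower() == "strict-transport-security" for n, _ in headers):
        # Without HSTS the browser may still make plain-HTTP requests to the site.
        findings.append((None, "NO_HSTS"))
    return findings

SAMPLE = [
    ("https://social.example.test/login", [   # encrypted login, exposed session
        ("Set-Cookie", "session_id=CONSTRUCTED123; Path=/; HttpOnly"),
        ("Set-Cookie", "csrf=CONSTRUCTED456; Path=/; Secure; HttpOnly")]),
    ("http://social.example.test/home", [
        ("Set-Cookie", "prefs=lang-en; Path=/")]),
    ("https://bank.example.test/login", [     # whole session kept on HTTPS
        ("Strict-Transport-Security", "max-age=31536000"),
        ("Set-Cookie", "sid=CONSTRUCTED789; Path=/; Secure; HttpOnly")]),
]

if __name__ == "__main__":
    for url, headers in SAMPLE:
        print(url, audit_response(url, headers))
```

The first sample response mirrors the situation the column describes: the login itself is encrypted, so the password is safe, but the session cookie lacks the Secure attribute and is sent in the clear on later plain-HTTP requests.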

How to Make Yourself Invisible to Hackers
