Become Someone Else on Facebook, Flickr, Amazon, and More with Firesheep
Privacy is dead. Between Facebook's security flaws and more companies practicing data scraping, there can be no doubt. But just in case you weren't convinced, the Firesheep add-on for Firefox makes it even more apparent by letting anyone see, and take over, other people's internet identities.
Firesheep is a Firefox extension created by Eric Butler for the sole purpose of showing the world how little security there is on the internet. The problem that Butler wants to point out is that most popular sites (such as Facebook, Flickr, Amazon.com, Dropbox, Evernote, and more) only secure the front end of their websites. So your login page might be HTTPS or SSL encrypted, but once you go past that, most sites use an unsecured connection that only needs a simple cookie check, and that cookie travels over the network unencrypted.
Firesheep demonstrates how this vulnerability is frighteningly easy to exploit, as it only needs other people to share an IP address from an open Wi-Fi hotspot and for Firefox to be launched. The browser will come up with a new sidebar that takes a few moments to populate a list of user names and photographs (if available). When you click on a person's name, the extension intercepts their session and allows the user to continue browsing the website as them. Firesheep is a free, open source program ready for anyone who wants to try it and is available now for Mac OS X and Windows, with Linux support on the way.
This is a big deal as long as website developers don't take responsibility and secure their sites. But while we hold our collective breath, here's a handful of ways to protect your privacy, including our guide to removing your browser's cookies: Close the Cookie Jar: How to Protect Your Privacy. Also, a post at TechCrunch points out that there are two pre-existing Firefox extensions (Force-TLS 2.0 and HTTPS Everywhere) that force websites to use the secure HTTPS protocol.
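For site developers, the fix for the "secure login, unsecured everything else" pattern described above can be checked from the response headers. The following is an added example, not code from Firesheep or from any site named here: it audits one HTTPS response for session cookies that lack the `Secure` attribute and for a missing `Strict-Transport-Security` header. The cookie name `session_id` and both sample responses are constructed assumptions.

```python
# Added example. Cookie names and header values are constructed, not captured from a real site.

def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, set of lowercased attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def hsts_max_age(headers):
    """Return the Strict-Transport-Security max-age in seconds, or 0 if absent or invalid."""
    for name, value in headers:
        if name.lower() != "strict-transport-security":
            continue
        for directive in value.split(";"):
            key, _, val = directive.strip().partition("=")
            if key.lower() == "max-age" and val.strip('"').isdigit():
                return int(val.strip('"'))
    return 0

def audit(headers, session_cookies):
    """Return findings for one HTTPS response given as (header name, value) pairs."""
    findings = []
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(value)
        if cookie in session_cookies and "secure" not in attrs:
            findings.append(f"{cookie}: no Secure attribute, also sent on plain HTTP requests")
    if hsts_max_age(headers) == 0:
        findings.append("no usable Strict-Transport-Security: browser may still load http:// pages")
    return findings

# Constructed response from a site that encrypts only the login step.
LOGIN_ONLY_HTTPS = [("Set-Cookie", "session_id=abc123; Path=/; HttpOnly")]

# Constructed response from a site that keeps the whole session on HTTPS.
FULL_HTTPS = [
    ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly; Secure"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
]

if __name__ == "__main__":
    for label, response in (("login-only", LOGIN_ONLY_HTTPS), ("full", FULL_HTTPS)):
        print(label, audit(response, {"session_id"}) or "ok")
```

A cookie without `Secure` is attached to every plain HTTP request to the site, which is exactly what someone listening on an open Wi-Fi network can read.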