Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Firesheep: A Wolf in Sheep's Clothing – Beware!

November 8, 2010

Threats to our privacy just keep on coming . . . the latest security demon is Firesheep, released last month as an add-on available through Firefox.

Here's the scenario – you're nursing your favorite latte at Starbucks and logging on to your Facebook account to check on the latest party antics of your irrepressible friends. Once you're logged on, Facebook helpfully sends you a cookie used by the browser to authenticate subsequent requests. Unless the website provides end-to-end encryption – and most don't – this cookie is now available to be "sidejacked" on any open wireless network.

Someone in Starbucks has Firesheep installed. As you visit Facebook, your name (and photo) will appear on Firesheep. With a simple double-click, the snoop can now effectively watch what you are doing on Facebook – or, worse yet, act as though they were you, posting under your identity.
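A site owner's check for the exposure described above, as an added example that is not part of the original post: it reads response headers and lists the login cookies that would cross an open network unencrypted. The hostnames, cookie values and function names are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample: (URL that answered, Set-Cookie header lines it returned).
SAMPLE_RESPONSES = [
    ("https://social.example/login", ["session=abc123; Path=/; HttpOnly"]),
    ("https://bank.example/login", ["sid=def456; Path=/; Secure; HttpOnly"]),
    ("http://forum.example/login", ["auth=ghi789; Path=/; Secure"]),
]

NO_SECURE = "no Secure attribute; browser also sends it on http:// requests"
CLEARTEXT = "set over cleartext HTTP; readable as it is issued"


def parse_set_cookie(header):
    """Return (cookie name, set of lower-cased attribute names)."""
    first, *attrs = header.split(";")
    name = first.split("=", 1)[0].strip()
    flags = {a.split("=", 1)[0].strip().lower() for a in attrs if a.strip()}
    return name, flags


def sidejack_exposure(responses):
    """List cookies an eavesdropper on an open network could read in transit."""
    findings = []
    for url, headers in responses:
        parts = urlsplit(url)
        for header in headers:
            name, flags = parse_set_cookie(header)
            if parts.scheme.lower() != "https":
                # The response itself is unencrypted, whatever the flags say.
                findings.append((parts.hostname, name, CLEARTEXT))
            elif "secure" not in flags:
                # Issued over HTTPS, but any later plain-HTTP request leaks it.
                findings.append((parts.hostname, name, NO_SECURE))
    return findings


if __name__ == "__main__":
    for host, cookie, reason in sidejack_exposure(SAMPLE_RESPONSES):
        print(f"{host}: cookie '{cookie}' exposed ({reason})")
```

Only the cookie issued over HTTPS with the Secure attribute stays off the findings list; the other two are readable by anyone capturing traffic on the same open network.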

Firesheep is so easy that it takes the hacker out of hacking – and that's scary. There have been more than half a million downloads of Firesheep thus far according to NetworkWorld – also scary. Firesheep's creator, Eric Butler, defends his software, saying it has raised security awareness. No doubt it has, but that's hardly the point of this software. This is snooping software pure and simple and that's undoubtedly what most users intend to use it for.

Given how easy it is to operate, I hope this turns up the heat on social media sites to improve their woeful security.

Experts are questioning whether the software violates various laws, including wiretap, privacy, and computer crime laws. Stay tuned for more as privacy continues to become a quaint historical notion.

Hat tip to Jim Halberg of Nextpoint for alerting me to the story – close on his heels were Sensei's Jeff Fox and John Simek. Thanks all.

Phone: 703-359-0700

www.senseient.com

http://twitter.com/sharonnelsonesq