I was reminded recently of firesheep, the Firefox plugin that allows someone on an unsecured open network like say a coffee shop wifi to grab peoples cookies and take over their accounts. Well it’s not alone there are other ones out there and they run on smartphones and laptops now.
As I was thinking of this I remember that some sites have since made efforts to help their users by making their web sites use secure protocols at all times. This secure access allows the person to exchange information with web sites without fear of being eavesdropped on. But not all sites have implemented this and even some of the big ones that have have not rolled it out to all of their sites.
Facebook (https whenever possible? Always or nothing!), you can only be secure with a browser plugin. Google, you did gMail and apps but you can’t even use https with iGoogle but you still have to be logged in and so your login and everything on Google is open season. Hotmail still lets you connect unsecured, but they have a stay in https option. Twitter lets you connect full time in https. I guess some of you are listening, now how about the rest of you?
For the rest of you out there, if you have a site where you track peoples data then force use of encryption. Get a certificate on your web site and set it that you only allow https. I know you can do it with both IIS and Apache.
For users, use only sites that allow you to set the connection to secure or use some type of addon to your browser that allows you to force sites to use encryption. And if you are on an open network do not go to anything or use any site that you wouldn’t want the world to know you are at.
I use a plugin for Chrome called “Use https” and recommend it. There are similar plugins for Firefox and IE. Find something and use it, and bug your providers to allow you to use secure protocols. Also beware of any open network, at coffee, in a hotel (if they give you a key to login then your encrypted.) Stop using the same password everywhere! Just stop, you can remember more than one.
With all of the activity with many sites being attacked and compromised lately lets not make it so easy for people OK? And be safe out there.
- FaceNiff Is the Firesheep for Android, Hijacks Facebook Sessions with One Tap [Video] (lifehacker.com)