He released a free program in October called Firesheep. This new gem of a program has made it simple to see what other users of an unsecured Wi-Fi network are doing and then log on as them at the sites they visited.
He did this to point out a widespread lack of security in the area of end-to-end encryption.
If you are like most people out there, right now you are saying…”Huh?” or “What does that have to do with me?” Here is why this matters…
Firesheep gains access through an often unprotected Web browsers cookie to allow anyone, no matter their intention, to be you on the site and have full access to your account. They can do this from two to three miles away and don’t think you totally safe at home either…and get this, more than a million people have downloaded this program in the last three months. Unfortunately, this is not the only program of its kind on the market right now with products like Gerix Wi-fi Cracker, Aircrack-ng, and Wifite, it just happens to be one of the most reliable. Wonderful…right?
Sites like banks or Paypal that employ cryptographic protocol transport layer security or SSL (Secure Sockets Layer) are the only ones that are seen as safe by the industry…and I am beginning to think that maybe they won’t be soon either. You should be safe if a little lock appears in the corner of your browser or the URL starts with “https”…not “http”.
More importantly, to protect yourself change the default name of your router from (Linksys or NetGear) to something less predictable. However, many industry experts say that setting up a VPN (Virtual Private Network) is the better solution. There are a number of paid services on the market out there that provide that such as Log Me In Hamachi.
Maybe we are getting too deep into the tech side of this conversation. Maybe there is a larger issue at hand. There are certainly questions to ask and some points to make…
- Did Mr. Butler do us a favor?
- Is the only way we will find holes in our internet security by hackers inventing viruses or programs in order to make our life difficult to teach the companies a lesson?
- What in the heck are the Management Information Systems gurus of major corporations doing out there to protect us?
- What is stopping a hacker, with all their incredible knowledge from marching into a board room and saying…”hey, look what I can do!…Now, how much is that worth to you?” Oh, it’s a crime you say? I think I know of a few companies who would love to have the forward knowledge of these hackers…before any crime is committed.
Maybe these companies need these hackers on their payroll. This way, the companies won’t have to worry about the legion of hackers breaking into their systems and the people won’t have to worry about identity theft. Perhaps, that is in opposition to the hacker code of ethics…like working for the enemy, but it sure would make life easier. However, the true hackers out there make a very good living on their own so why should they want some desk job and a corporate office…to them, bringing down the man at his own game is well…fun to them.
With the release of Firesheep, that hacking ability has been put into the hands, not just of the expert hackers, but in the hands of the common Joe three houses down from you with a lot of time on his hands gulping down Pepsi by the two-liter and eating Ho-Ho’s . So what can we do about all of this?
- Protect yourself.
- Write in forums and emails to the sites lacking in security.
- Write to your often used sites and ask them what type of security they use to protect you…but above all…
- Speak Up and get everyone thinking about internet security.
Technology is an integral part of our future, it is imperative that it is secure for everyone. It is important that everyone from end-user to corporate guru to government official come together on this topic, until that time, I will be counting Firesheep.
—- Erik Sudberg