There's a new Firefox extension named Firesheep that makes it "rediculously easy" to get HTTP login cookies from Facebook, Yahoo, Amazon, Dropbox, Twitter, WordPress and others. With this extension ANY ONE can connect to any of these sites that you are logged into via a public wifi connection - regardless what browser or operating system you are using. Unless you actively log out of a site, they can post messages or do anything else that you can.
Where do you use a public wifi? If you use the internet provided by a hotel, airport, coffee shop, public library or even a friends house that has an open wireless network and even your own home. If you can connect to the network without having to enter a password for the network, then it is insecure. Even if you have to enter a password on a web page, it is insecure. A secured wireless network that encrypts all traffic (WEP, WPA 1 & 2) requires a password when the wireless card connects, or the network has to be setup to recognize the wireless device. The NCCE County wireless networks and NCSU wireless networks are this way (open and insecure) because it would require posting the passphrase publicly or signing up non-trusted devices. The user/password required is to limit who is on the network. You can tell if you are on a secured network because the network name will have a lock by it when you select or view it from the network places listing window on both Macs and Windows.
What should you do when you are using a public wifi? NCSU has a Virtual Private Network (VPN), but it only encrypts what is bound for NCSU. This is called a "Split Tunnel" VPN and is the most commonly used on university and corporate networks. So, establishing a VPN connection with NCSU only encrypts data destined for NCSU sites.
One good option is to install and use HTTPS Everwhere and Firefox. This redirects any sites to the secure version - if there is one and if HTTPS Everywhere knows about it. These include Google Search, Wikipedia, Twitter, Facebook, most of Amazon, Wordpress.com blogs, Paypal and more. Just note that it may slow down the loading of Firefox if you have many tabs open at once.
Look for sites that have https:// rather than http://. The "s" stands for secure and any information sent to that site is encrypted.
If you are on your own wifi at home, secure it. Get out the manual and read how.
Safe browsing...
Subscribe to:
Post Comments (Atom)
Posts
0 comments:
Post a Comment