Don't Use Public WiFi

Don't use public wifi networks like the ones you find in libraries or coffee shops. Or if you do use them, don't log in to Google, Facebook, Twitter, Amazon, Dropbox, or WordPress - which is nearly impossible.

Last week, someone released a Firefox extension called "Firesheep" that exposes the vulnerabilities of popular websites that don't use HTTPS (SSL) for everything.

Basically it works like this:

When logging into a website you usually start by submitting your username and password. The server then checks to see if an account matching this information exists and if so, replies back to you with a "cookie" which is used by your browser for all subsequent requests.

It's extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable. HTTP session hijacking (sometimes called "sidejacking") is when an attacker gets hold of a user's cookie, allowing them to do anything the user can do on a particular website - without having to log in. On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy.
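For site operators, the gap described above shows up in the login response itself. The following is an added example, not part of the original post: it audits a response's headers for session cookies that lack the `Secure` attribute (so the browser also sends them over plain HTTP) and for a missing `Strict-Transport-Security` header. The function names and the sample headers are constructed for illustration.

```python
# Added example: audit a login response for cookies exposed to sidejacking.
# WEAK and HARDENED are constructed sample headers, not captured traffic.

def parse_set_cookie(value):
    """Split one Set-Cookie header value into (cookie name, attribute dict)."""
    parts = [p.strip() for p in value.split(";")]
    name, _, _ = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs

def audit_login_response(headers):
    """Return findings for a response given as a list of (name, value) pairs."""
    findings = []
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(value)
        # Without Secure, the browser attaches the cookie to http:// requests,
        # where anyone on the same open network can read it.
        if "secure" not in attrs:
            findings.append(f"{cookie}: missing Secure attribute")
    # Without HSTS, later requests to the site may still go out over HTTP.
    if not any(n.lower() == "strict-transport-security" for n, _ in headers):
        findings.append("response: missing Strict-Transport-Security")
    return findings

# Login is encrypted, but the session cookie is usable over plain HTTP.
WEAK = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session_id=EXAMPLE123; Path=/; HttpOnly"),
]

# Cookie restricted to HTTPS, and the browser told to use HTTPS only.
HARDENED = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=31536000"),
    ("Set-Cookie", "session_id=EXAMPLE123; Path=/; Secure; HttpOnly"),
]

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_login_response(hdrs))
```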

You'd be amazed, but not a single one of the sites I mentioned earlier offers default protection against this hack.

Experienced hackers have always been able to hijack HTTP sessions. Firesheep brings this hacking to the masses. It is now infinitely easier for the average Joe to snoop around people's email inboxes at the local Panera.

Download here and try it yourself if you'd like. Google "firesheep" if you want to learn more. Don't use public wifi.