Threat of the month: Firesheep

Share this article:
Randy Abrams
Randy Abrams

Firesheep

What is it?

Firesheep is a Firefox add-on that automates the hijacking of accounts that are not secured by SSL (https).

How does it work?
When a user logs onto Facebook, Amazon, Twitter or any number of other accounts, the user name and password are encrypted, but the cookie that the site sets to remember the user is not encrypted as it is sent to that person's computer. This means that if the user is at their local coffee shop using their open Wi-Fi system and logs onto a website, the cookie can be intercepted by anyone else using the same Wi-Fi network. By intercepting the cookie, the attacker can use that user's account.

How can I prevent it?
There are ways to protect your accounts. You can use a VPN, but do not expect your corporate VPN to do the job. Typically, only traffic between your computer and the company are tunneled, leaving your webmail and other accounts unprotected. The safest approach is not to surf anywhere that requires a password when you are on a public network.

– Randy Abrams, director of technical education, ESET

Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in Opinions

Sign up to our newsletters

TOP COMMENTS

More in Opinions

Beware of the malware walking dead

Beware of the malware walking dead

This Hallows Eve might be a good time to remind ourselves that zombies can be just as deadly, and I'm referring to recycled tools and techniques from years gone by.

Why the Home Depot attack shouldn't have happened

Why the Home Depot attack shouldn't have happened

Major retailers are falling prey to massive credit card information heists, despite spending millions on cyber security systems.

Next-generation malware: Think like the enemy and avoid the car alarm problem

Next-generation malware: Think like the enemy and avoid ...

When it comes to enterprise security, one rule remains constant - attacks will continue to increase in sophistication and attackers will seek to outmaneuver existing defenses.