Threat of the month: Firesheep

Share this article:
Randy Abrams
Randy Abrams


What is it?

Firesheep is a Firefox add-on that automates the hijacking of accounts that are not secured by SSL (https).

How does it work?
When a user logs onto Facebook, Amazon, Twitter or any number of other accounts, the user name and password are encrypted, but the cookie that the site sets to remember the user is not encrypted as it is sent to that person's computer. This means that if the user is at their local coffee shop using their open Wi-Fi system and logs onto a website, the cookie can be intercepted by anyone else using the same Wi-Fi network. By intercepting the cookie, the attacker can use that user's account.

How can I prevent it?
There are ways to protect your accounts. You can use a VPN, but do not expect your corporate VPN to do the job. Typically, only traffic between your computer and the company are tunneled, leaving your webmail and other accounts unprotected. The safest approach is not to surf anywhere that requires a password when you are on a public network.

– Randy Abrams, director of technical education, ESET

Share this article:
You must be a registered member of SC Magazine to post a comment.

Next Article in Opinions

Sign up to our newsletters


More in Opinions

Technology alone isn't going to secure IoT connected devices

Technology alone isn't going to secure IoT connected ...

It's clear that vulnerabilities continue to exist, despite our best efforts to combat them. In fact, we have addressed many of the same problems before.

DDoS is the new spam...and it's everyone's problem now

DDoS is the new spam...and it's everyone's problem ...

As new solutions emerge, it's critical for organizations to protect themselves by being informed, aware, and acting whenever possible. Those that don't take action are playing a very dangerous game.

Securing the autonomous vehicle

Securing the autonomous vehicle

We are now in the fast lane towards a driverless future. Will we have to brake for hackers?