Towards the end of last year, a programmer names Eric Butler released a Firefox browser extension  he dubbed “Firesheep“. You may remember hearing something about it. What the extension allowed users to do – with relative ease – is intercept unencrypted website cookies as they are in transit over insecure networks. With the extension, the Firesheep user can “session-hijack” the account of the user who was sending their credentials over the unencrypted network connection. With the nefarious click of a button, an unsuspecting user could all of a sudden lose control of their Facebook account or their Twitter account, or even their online account at the local library.
It was just terrible.
For awhile, a few weeks at least, talk about Firesheep spread like wildfire. The Internet community was up in arms, and the outrage was palpable. Then the talk lessened. Within two months, the last, smoldering embers of conversation died out. Which is almost enough to make you think that Firesheep has gone away, because if it hadn’t, people would still be talking about it.
Firesheep hasn’t gone away.
If you’re reading this blog post on a laptop, on a unsecured wireless network, there’s a chance that someone is firesheeping you RIGHT NOW. Or maybe (if they have an Android) they’re faceniffing you!
Firesheep did not go away; all that time has brought are new tools that offer a broader array of session-hijacking abilities.
Do not fear, there are ways to protect yourself from session-hijacking. Are you ready to find out how?
Let’s do it!
The best solution is to set up a VPN connection to a secure network. (Full disclosure: This blog is the company blog of Global Business Solutions, and we do set up VPN connections for our clients.) But in actuality, most users don’t want to go to through the hassle of creating a VPN connection, just to log onto Facebook. Â Users also have the option of enabling a https: connection whenever they go to a website, for which they have login credentials.
Enabling a https: connection is relatively simple. If you use the Firefox browser, you can add the HTTPS Everywhere extension, which will encrypt most websites as you log into them. If you are game for a little more detective work and would like to know if someone is trying to grab your credentials, you could use the Blacksheep Firefox extension, which will notify you if someone is using Firesheep to spy on your browsing.
But let’s be honest: what you really want to do – just like 750 billion other users – is to ensure that no one hacks your Facebook account. Because that would put the cherry on top of a horrible sundae. If this is the case for you, the easiest solution is to force Facebook to only operate with https: enabled.
Want to know how to do it? Watch the video below.
What other ways do you ensure secure browsing? We’d like to know, and would be thrilled if you told us in the comments below.
Post by Joe Robb
