The Internet is a dangerous place, for your Facebook anyway
December 3, 2010
The Internet, isn’t it lovely? All the games, videos, cool stories and things to do. The Internet provides literally endless hours of entertainment. If you don’t believe me, take a trip over to Stumbleupon.com.
However, as we use the Internet more and more, we begin to put more of our information on it with Facebook, online banking and others. Although giving your data to someone else normally causes privacy advocates to raise an eyebrow, it no longer is of concern to them.
All focus has been turned to one of the biggest vulnerabilities in a long time. It’s called sidejacking, and a new Firefox plugin called Firesheep has made hacking your Facebook account easier than ever before.
Now, if you just read that intro and are confused, let me explain. When you use Wi-Fi at the library or a coffee shop and you’re logged into a website, such as Facebook, Twitter or even some online banking, other people using the Wi-Fi can temporarily — sometimes permanently — steal your account. This is done using what is called sidejacking.
Normally when you log into a website, you give it your username and password. That website verifies that you are who you say you are, and it sends your computer what is called a cookie. This allows you to use a website without being forced to log in on every single page you go to.
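So say you log into Facebook, your login is verified and you can browse all the pages. That creates an open session between you and Facebook. Your browser sends the cookie I mentioned earlier along with every page you request, and if the site does not encrypt that traffic, the cookie crosses the Wi-Fi in the clear. Someone else on the same Wi-Fi as you can tap into that open session and literally browse Facebook using your account and credentials, just by reusing that cookie.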
Now here’s the thing. Anyone and their mother can do it. All you have to do is download the add-on called Firesheep and set it up in Firefox, and then go find an open Wi-Fi and wait and see who logs in.
This in and of itself is the problem and here’s why. The Internet is assumed to be a dangerous place, and you should know what you’re getting into when you use it. The issue at hand is that sidejacking is too easy.
Usually hacking or penetration involves some level of skill, hence its appeal. Hackers like to find an exploit and see if they can get past it, sometimes to get something out of it or just to say they could do it. That’s the fun in it, and oddly enough most hackers are responsible people who understand Internet security and are often “White Hat” hackers who actually try to help make the Internet more secure.
Eric Butler, the guy who actually released Firesheep, is a “White Hat” hacker to some extent. Now that Firesheep is open to the masses, sidejacking is so easy that anyone can do it. And who is anyone? The people on Twitter, the people playing Farmville all day, the people on YouTube.
Have you seen those ridiculous YouTube comments? Those people can potentially get on your Facebook and write whatever they want on it. Great, just great. And you know what’s even better? For the moment, there’s no fix in sight — that is, unless all websites start to force end-to-end SSL encryption.
So for now, use the same common sense you’d use anywhere else. Watch your step, don’t talk to strangers and stay off public Wi-Fi!
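For site operators, the fix named above (forcing SSL for the whole session) can be checked from the response headers. The sketch below is an added example, not part of the original article or of Firesheep; it assumes the standard `Secure` cookie attribute and `Strict-Transport-Security` header are how a site enforces encryption, and the hostnames and cookie values are constructed samples.

```javascript
// Added example: flag session cookies a sniffer on open Wi-Fi could capture.
// Hostnames, cookie names and values are constructed samples.

// Parse one Set-Cookie value into its name and a set of lower-cased attributes.
function parseSetCookie(line) {
  const parts = line.split(';').map(p => p.trim()).filter(Boolean);
  const eq = parts[0].indexOf('=');
  const name = eq === -1 ? parts[0] : parts[0].slice(0, eq);
  const attrs = new Set(parts.slice(1).map(p => p.split('=')[0].toLowerCase()));
  return { name, attrs };
}

// Audit one response (URL plus [header, value] pairs); return a list of findings.
function auditResponse(url, headers) {
  const findings = [];
  const overTls = new URL(url).protocol === 'https:';
  const hsts = headers.some(([h]) => h.toLowerCase() === 'strict-transport-security');
  for (const [h, v] of headers) {
    if (h.toLowerCase() !== 'set-cookie') continue;
    const { name, attrs } = parseSetCookie(v);
    if (!overTls) {
      findings.push(`${name}: set over plain HTTP, readable on the network`);
    } else if (!attrs.has('secure')) {
      findings.push(`${name}: no Secure attribute, also sent on HTTP requests`);
    }
  }
  if (overTls && !hsts) {
    findings.push('no Strict-Transport-Security: browser may still use plain HTTP');
  }
  return findings;
}

// Constructed responses: HTTPS login with a weak cookie, a plain-HTTP page,
// and a hardened response.
const samples = [
  ['https://social.example/login', [['Set-Cookie', 'session=abc123; Path=/; HttpOnly']]],
  ['http://social.example/home', [['Set-Cookie', 'session=abc123; Path=/']]],
  ['https://social.example/login', [
    ['Strict-Transport-Security', 'max-age=31536000'],
    ['Set-Cookie', 'session=abc123; Path=/; Secure; HttpOnly'],
  ]],
];
for (const [url, headers] of samples) {
  console.log(url, auditResponse(url, headers));
}
```

The first sample is the pattern that makes sidejacking possible: the login itself is encrypted, but the session cookie is free to ride along on later unencrypted requests.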