Be Safe Out There

A message for some of my less technical friends:  The news has been out for a few weeks, but I think a heads up is still in order.  If you don't know what FireSheep is, take a quick look online.  Basically, it allows someone to "hijack" your session when you use unsecured wi-fi (Starbucks, Panera, etc.).  The capability for this attack has been inherent in unsecured wi-fi, but this Firefox plug-in makes it dead simple for any knucklehead to double-click their way into your Facebook/Twitter/LiveMail & more.  An important note is that even if you login using HTTPS, the session cookie is often transferred back to you using HTTP meaning your session can still be hijacked.  Once the attacker takes over your session, they can do pretty much anything you could do that doesn't require your password (update status, change privacy settings, send messages, etc.).  The moral of the story: be careful out there and protect your data.

If you're using secured wifi, this attack won't work... even if the secured wifi uses a common password that is publicly available.

For more information here's a transcript of a Security Now episode discussing FireSheep: