Through Firesheep comes awareness

Chaos and anarchy can be a wonderful thing. Before things can get better, it is sometimes necessary for matters to become worse. Obvious chaos and trouble are states which make people open up their eyes to reality.

This is exactly what happened about two weeks ago. A clever programmer named Eric Butler has written and released a Firefox extension named Firesheep on Github, making it freightenly easy for anyone without even the slightest knowledge in the field of hacking to hack and aquire access to anyone’s Facebook, Amazon, Twitter, etc. account in a matter of seconds just by double-clicking the victim’s displayed profile picture in the Firefox sidebar. The victim needs to be located within the same local area network at for example an obvious place such as a cafe or any other kind of open public wifi spot. The extension then collects information about the surrounding computers or smartphones, automatically downloads their profile picture from their at the moment used social network services and displays them in an easy and browsable way. If the attacker then wants to gain access to their accounts they just double-click the victim’s aquired profile picture.Firesheep in Firefox

This sounds like terrible news, but in reality I believe this to be great news. Finally companies will become aware of the security problems which have been there all along. It has been possible to make these types of attacks in a not to difficult manner through software such as Wireshark. It required way more knowledge before but anyone determined to carry it out could do so without to much trouble. Hopefully from now on this issue will recieve the attention it so badly deserves.

The good thing is that this problem can be corrected in a very easy fashion right now. Just turn on WPA encryption! That’s it! By doing this all packets transfered within the LAN will be encrypted and this technique will get completely thrown off. Cafe owners should turn WPA on and put up a notice with the password for anyone to see, or even put the password in the ESSID of the router. I also hope this will lead to the general public becoming more aware of the dangers concerning connecting to public WIFI spots from this point onward. People should always need to keep in mind that connecting to a public network means that there’s always apossiblity for someone to access your private and sensitive information if they so choose to.

Codebutler – http://codebutler.com/firesheep