How does Firesheep Work?

“I’m worried about people accessing my passwords with Firesheep when I sign in to places like Facebook from the local coffee shop. How does Firesheep work? Is there a way I can protect myself or should I just avoid free public WiFi?”
While you are correct to be cautious when using free public WiFi, you don’t necessarily need to stop because of Firesheep and other network sniffing tools. There are a number of ways you can protect your data to achieve sufficient levels of security. I’ll walk you through how Firesheep works so that you can take measures to prevent anyone from accessing your information.


So How does Firesheep Work?
Firesheep is a Firefox plugin that looks for browser session cookies on open WiFi networks. These cookies are used by the sites you log in to in order to verify your identity. Unfortunately, when the cookies aren’t sent over an encrypted path, anyone else on the network has the opportunity to grab them and use your login.
How can you protect yourself from Firesheep?
While using a secure connection by signing in from an HTTPS link seems like it would secure you from Firesheep, this is not always the case. There are a number of sites that either start out with standard connections and switch to secure connections after you sign in, or pass your session information in the clear, meaning Firesheep can still get your passwords.
I currently protect my own connection using Hotspot Shield, which I talked about previously as a way to stay safe on public WiFi networks. Hotspot Shield encrypts all your data up to the point where it leaves the Hotspot Shield servers and goes to the server of the website you visit. This means no one else on the public WiFi network can see your data. If you plan to connect to public WiFi networks, you should definitely install Hotspot Shield or one of its competitors.
Another step worth taking is to encourage your local coffee shop to use WPA encryption on their WiFi network. If they switch to using WPA encryption, it doesn’t mean you should suddenly stop using something like Hotspot Shield, but it will help reduce the vulnerability for everyone on the WiFi network.
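
The earlier point about sites that sign you in over HTTPS but still pass session information in the clear can be checked from a site's response headers. The following is an added example, not part of the original post: it audits a constructed response (the social.example URL, cookie names and values are assumptions) for session cookies that lack the Secure attribute and for a missing Strict-Transport-Security header.

```python
# Added example: all URLs, cookie names and values below are constructed.

def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, {attribute: value})."""
    first, *rest = [part.strip() for part in value.split(";")]
    name = first.split("=", 1)[0]
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_response(url, headers):
    """Return (subject, problem) findings for one HTTP response.

    headers is a list of (name, value) pairs because Set-Cookie may repeat.
    """
    findings = []
    over_https = url.lower().startswith("https://")
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if not over_https:
            findings.append((name, "set over plain HTTP"))
        elif "secure" not in attrs:
            # Without Secure the browser attaches the cookie to http://
            # requests too, which is the traffic a sniffer can read.
            findings.append((name, "missing Secure attribute"))
    has_hsts = any(k.lower() == "strict-transport-security" for k, _ in headers)
    if over_https and not has_hsts:
        findings.append(("response", "no Strict-Transport-Security header"))
    return findings


# Constructed response from a site that logs in over HTTPS.
SAMPLE_URL = "https://social.example/login"
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "csrf=xyz789; Path=/; Secure; HttpOnly"),
]

if __name__ == "__main__":
    for subject, problem in audit_response(SAMPLE_URL, SAMPLE_HEADERS):
        print(f"{subject}: {problem}")
```

Here the login page itself is encrypted, yet `session_id` is flagged because the browser would still attach it to any later unencrypted request to the same site.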
