53° Good Afternoon
53° Good Afternoon

Firesheep lets anyone see your e-mail, Facebook, more

Internet access will be in many more locations

Internet access will be in many more locations under a deal signed by Cablevision, Time Warner and Comcast. The three have agreed to give customers access to all WiFi services. Photo Credit: Newsday, 2009 / Ana P. Gutierrez

Firesheep, a new extension for the Firefox browser gives users  full -- but illegal --  access to other Internet surfers' accounts including  Facebook, Twitter, and e-mail accounts.

Firesheep steals cookies in real time from the browsing sessions of Internet surfers using the same public WiFi network. As people access their accounts, Firesheep will livestream to its user a series of links to the various sites with the password and logins enabled.

Firesheep, created by Eric Butler, a software developer from Seattle, said the hack was meant to highlight how websites compromise users' private information.

“This is a widely known problem that has been talked about to death, yet very popular websites continue to fail at protecting their users,” said Butler via his website.

As of this writing, Butler claims the Firesheep works on, Facebook, Twitter, Dropbox, Google sites, Yahoo, Foursquare, among others.

Although the extension is only for Mozilla's Firefox, Firesheep picks up private cookies from other browsers as well, such as Safari, Internet Explorer, and Chrome.

The extension is free.  However, according to the Computer Fraud and Abuse Act of 1986, it is a federal crime to access a computer without authorization.

Mozilla's stance

Firefox is an open source broswer maintained by Mozilla Corp. In response to the Firesheep breakout, Firefox director Mike Beltzner said the company is not responsible for security flaws in other websites.

"Firesheep is an add-on for Firefox created and distributed by a third-party developer. It demonstrates a security weakness in a number of popular websites, but does not exploit any vulnerability in Firefox or other Web browsers," Beltzner said.

He also added that Mozilla recommends that websites start supporting HTTP-STS protocol, which will be supported by default in Firefox 4

How to protect yourself

At home, always have your wireless network password protected. Also, make sure the network name you choose doesn't easily identify your household, in other words the family name, address, etc.

While it's probably never a good idea to send and receive private information through a public network, there are some steps to help protect your privacy.

Beltzner says Firefox users can use this add-on:  Force TLS, to protect themselves. This forces the HTTP protocol into the more secure HTTPS line.

Google Chrome users have a preference that can be selected that allows only HTTPS connections.

For Safari and IE users there aren't any immediate and easy solutions. Life Hacker does offer a step-by-step guide on how to encrypt all your web data. It might seem somewhat daunting, but it's definitely worth a couple of reads.

Mozilla has yet to release any official word regarding their stance on Firesheep. Check back again for updates. 


We're revamping our Comments section. Learn more and share your input.

More news