The Warp Pipe team spent part of the day yesterday trying to figure out which Wi-Fi networks the Firesheep Firefox extension works. Firesheep gives users full - but illegal - access to the accounts of other Internet surfers on many open Wi-Fi networks, including Facebook, Twitter, flickr and e-mail.
We launched the extension at various locations throughout Long Island in the hopes that some of open Wi-Fi hotspots had encryption protection that would block the use of Firesheep. The results weren't good.
Barnes & Noble, Panera Bread, Starbucks, Borders, and the the LIRR Wi-Fi waiting room in Penn Station were all open to Firesheep. In each of these locations, the extension was able to pick up access to other users' online accounts, such as Facebook, Twitter, and Yahoo mail.
Firefox director Mike Beltzner said the company is not responsible for security flaws in other websites.
"Firesheep is an add-on for Firefox created and distributed by a third-party developer. It demonstrates a security weakness in a number of popular websites, but does not exploit any vulnerability in Firefox or other Web browsers," Beltzner said.
Since it seems up to you to protect yourself, make sure to the Firefox browser when surfing on an open Wi-Fi spot. Download the Forces-TLS add on.
Home Wi-Fi networks are also vulnerable if not password protected. The Federal Trade Commision maintains OnGuard Online, a site that provides practical tips to help consumers be on guard from internet fraud, says there are also big differences in the type of encryption you use. The FTC recommends using WPA2 encryption rather than WEP encryption security on their own routers.
This tutorial from OnGuard Online, demonstrates how to secure different model routers.