Firesheep exposes security problems

With an increasing number of businesses offering free Wi-Fi to their customers, people have a right to worry a little about the security of their accounts. If you have Firefox you can now see just how exposed you are by using open internet connections by installing the plug-in Firesheep.

A well-presented extension, Firesheep allows you to begin or stop capturing the account information of anyone signed into a social network on the same open internet connection as you.

It is scary how quickly the device grabs other people’s details and displays them neatly in a sidebar. You can click any of the accounts shown in the sidebar and automatically be signed in to that person’s account.

It has the ability to get cookies from almost every site automatically, including Amazon, Basecamp, bit.ly, Cisco, CNET, Dropbox, Enom, Evernote, Facebook, Flickr, Github, Google, Hackernews, Harvest, Windows Live, NY Times, Pivotal Tracker, Slicehost, Tumblr, Twitter, WordPress, Yahoo and Yelp – are you scared yet?

The extension was created when it was revealed Google had inadvertently harvested millions of people’s account information while collecting photos for its Streetview feature.

The only way to protect yourself from this extension is to use a secure site or network.

The creator, Eric Butler, wanted to expose how little security some websites have. He said: “It’s extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else.

Websites have a responsibility to protect the people who depend on their services. They’ve been ignoring this responsibility for too long, and it’s time for everyone to demand a more secure web. My hope is that Firesheep will help the users win.”

The app has been downloaded millions of times. This means Butlers dream of exposing this security flaw to the world could come true. People take their data very seriously online; some have been known to lose their jobs over Facebook photos and messages or be victimised for misuse of search engines on company time.

If you take the security of your data data seriously surely the company you give it to should be taking every precaution possible to ensure it is safe and secure. LimeTree will be producing a blog soon that will show you how not to get hacked by Firesheep.

Firesheep has definitely alarmed the public and caused serious media attention toward how we expose ourselves to hackers daily, or now anyone who uses Firefox.