Apple Is Latest Hacking Target

Paul Mah

You might have already heard about the Firesheep add-on for the Mozilla Web browser, which was released onto the Internet less than two weeks ago. Written by freelance Web application developer Eric Butler, the extension software looks for users who access certain social-networking sites such as Facebook and Twitter over an unprotected wireless network.

 

Once found, Web sessions of recognized sites are listed in a handy sidebar, where a double-click of the mouse is all it takes for the intruder to take over. Depending on actual security controls in place, the hacker might even go ahead to cement his hijack by changing the login password.

 

An Unprotected Wireless Network is Spelled 'Insecure'

 

It must be made clear that there is nothing revolutionary or even particularly clever about Firesheep. The free software essentially tunes in on unencrypted data streams to track down the relevant session cookies and data for its work. While conveniently disregarded, it is a known fact that unprotected wireless networks broadcast network data "in the clear." This makes it easy to intercept and view such traffic.
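The exposure described above comes down to which session cookies ever travel unencrypted. As an added example (not part of the original post and not Firesheep code), this Python script audits a site's own Set-Cookie headers and reports session cookies a passive listener on an open network could read. The host social.example.test, the cookie names and the SESSION_HINTS heuristic are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample: (URL the response came from, its Set-Cookie header values).
SAMPLE_RESPONSES = [
    ("https://social.example.test/login",
     ["session_id=3f9a1c; Path=/; HttpOnly",             # HTTPS login, but not Secure
      "remember_token=77b2; Path=/; Secure; HttpOnly"]),  # only ever sent over HTTPS
    ("http://social.example.test/home",
     ["auth_token=c0ffee; Path=/",                        # issued in the clear
      "lang=en; Path=/"]),                                # preference, not a credential
]

# Assumption: cookie names containing these hints carry session state.
SESSION_HINTS = ("sess", "auth", "token", "sid")


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit(responses):
    """Return (cookie name, reason) for session cookies readable on an open network."""
    findings = []
    for url, headers in responses:
        scheme = urlsplit(url).scheme
        for header in headers:
            name, attrs = parse_set_cookie(header)
            if not any(hint in name.lower() for hint in SESSION_HINTS):
                continue  # skip cookies that do not look like session state
            if scheme != "https":
                findings.append((name, "issued over plain HTTP"))
            elif "secure" not in attrs:
                findings.append((name, "no Secure attribute; sent on later http:// requests"))
    return findings


if __name__ == "__main__":
    for cookie, reason in audit(SAMPLE_RESPONSES):
        print(f"{cookie}: {reason}")
```
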

 

More concerning, though, is that the software, which is hosted directly on the author's page, has been downloaded more than 500,000 times since it was released. As you can imagine, the tool makes it possible for novices to try their hand at intercepting the social-networking sessions of unwitting victims, at the same time tempting them to explore other tools that tap into the rich data stream of places with free (and unprotected) wireless connections.


 

Ultimately, there is greatly increased awareness of the security risks inherent to an unprotected wireless access point, exactly what Butler wanted to achieve when he created Firesheep.

 

Unclear Legal Grounds

 

For now, the legal implications of a busybody using Firesheep at the local Starbucks cafe remain unclear. Speaking to Computerworld, Phil Malone, a clinical professor of law at Harvard Law School, professed, "I honestly don't know the answer." There appear to be two different schools of thought on this matter: One holds that accessing the Internet at an insecure hotspot is tantamount to making one's electronic communication readily accessible to the public, effectively rendering the argument of illegal interception a moot point.

 

The counter argument is that users accessing their social-networking accounts on an unprotected wireless network have an expectation that their use is being governed by the privacy policy of that network. Regardless of where you stand though, experts agree that the entire situation represents a legal issue that has no precedent.

 

What Can SMBs Do?

 

Regardless of the legal side of things, I do not want strangers taking over any of my social-networking accounts or even passively sniffing at my Web and e-mail data. Fortunately, there are a number of steps that small and mid-sized businesses can take to protect employees from unwittingly divulging company secrets.

 

I shall cover some of these suggestions in my next blog.


