Combatting Firesheep

Sue Marquette Poremba

It appears that Firesheep is the hot topic in security these days. If you haven't heard, Firesheep is an add-on for Firefox that allows the user to hijack someone else's logon session over open Wi-Fi. Essentially, Firesheep finds unencrypted traffic and sends that information to your computer. According to an article in PCWorld:

Firesheep targets 26 online services, and includes many popular online services such as Amazon, Facebook, Foursquare, Google, The New York Times, Twitter, Windows Live, Wordpress and Yahoo. The extension is also customizable allowing a hacker to target other websites not listed by Firesheep.

I personally find the whole idea behind Firesheep appalling (I won't share the developer's name because I don't think he deserves the recognition) and can't believe that in the two weeks or so it has been out, half a million people have downloaded it. Mozilla, Firefox's developer, seems a little too unconcerned or blase about the add-on, saying on its blog that the program could have just as easily been developed as stand-alone code and that websites need to step up the security on their end.

 

From an enterprise perspective, I see two issues here for security personnel to be concerned about. First is protecting computers used in public areas and reminding employees to avoid using free and unsecure Wi-Fi. Second is control of which programs are downloaded onto work computers and making sure hacking programs such as this aren't on company computers.

 

The security industry has begun to step up with safeguards, such as Zscaler's BlackSheep, a free download which alerts users if their session is being hijacked.

 

IT Business Edge's SMB blogger Paul Mah also has some advice for thwarting it.



Add Comment      Leave a comment on this blog post
Nov 14, 2010 5:53 AM CJinSeattle CJinSeattle  says:

Eric Butler developed this software with the intent to really show people and the social sites how serious a problem this is. I mean really, he doesn't deserve the recognition? Lol. Please, like you can't google it anyway. At least he came up front with it. Other people have done the same thing but kept the software hidden to themselves and people didn't know about it. This software has now made the news and people are aware of the danger potential now. Admittedly, it's not the best kind of thing to have floating around, but look at the bigger picture. Security needs to be enhanced, PERIOD.

Reply

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

null
null

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.