Combatting Firesheep

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

It appears that Firesheep is the hot topic in security these days. If you haven't heard, Firesheep is an add-on for Firefox that allows the user to hijack someone else's logon session over open Wi-Fi. Essentially, Firesheep finds unencrypted traffic and sends that information to your computer. According to an article in PCWorld:

Firesheep targets 26 online services, and includes many popular online services such as Amazon, Facebook, Foursquare, Google, The New York Times, Twitter, Windows Live, Wordpress and Yahoo. The extension is also customizable allowing a hacker to target other websites not listed by Firesheep.

I personally find the whole idea behind Firesheep appalling (I won't share the developer's name because I don't think he deserves the recognition) and can't believe that in the two weeks or so it has been out, half a million people have downloaded it. Mozilla, Firefox's developer, seems a little too unconcerned or blase about the add-on, saying on its blog that the program could have just as easily been developed as stand-alone code and that websites need to step up the security on their end.


From an enterprise perspective, I see two issues here for security personnel to be concerned about. First is protecting computers used in public areas and reminding employees to avoid using free and unsecure Wi-Fi. Second is control of which programs are downloaded onto work computers and making sure hacking programs such as this aren't on company computers.


The security industry has begun to step up with safeguards, such as Zscaler's BlackSheep, a free download which alerts users if their session is being hijacked.


IT Business Edge's SMB blogger Paul Mah also has some advice for thwarting it.