The Kids are Busy Checking you Out

Think that the only people monitoring your Internet activity are high-ranking government agencies and talented hackers? Think again.
In her New York Times article, "New Hacking Tools Pose Bigger Threats to Wi-Fi Users," author Kate Murphy speaks about a new generation of hackers called “cyberpunks.” These guys are not the basement-living geeks that we are all fond of, but rather technology-adequate malcontents who hang out in coffee houses with easily downloaded tools and grab your private information as you sip a latte.
These cyberpunks are using a simple application called Firesheep to catch the information you pass back and forth on the free WIFI network that comes with your $5 coffee. Firesheep was written by a Seattle geek, Eric Butler, who released it to the world to demonstrate how easy it is to steal WIFI data. Over a million copies of Firesheep have been downloaded; at least one is probably being used in a coffee shop near you.
The basis behind Firesheep, and the problem with WIFI, is that the majority of information that we pass back and forth on a public WIFI network is unencrypted. This is roughly equivalent to walking around the mall wearing your credit card number on a sign hung around your neck.
Surprised to learn that WIFI networks are open to the public? Consider this the next time you visit Starbucks: do you really want to share your surfing habits with the grungy kid in the corner? Probably not.
For those who know a bit about Web encryption, primarily SSL, Kate’s article might still surprise you. According to Kate, many of the encryption-enabled sites that we visit have neglected to encrypt all of the session information (i.e., the information shared during the time you spend on a particular website). What this means is that a few of the really important pieces of information about a session, like the cookie which acts as your unique identifier, might not be encrypted. A program like Firesheep can grab this cookie, or whatever else is available, and let its user pretend to be you.
There are a few lessons to be learned here.
1. You, personally, should never trust a public WIFI connection with anything that you don’t want to share with the world.
2. If, as Kate maintains, major companies, like Facebook and Google, have blown their website security, what are the chances you have done it correctly within your company website?
If you have implemented encryption within your website, you need to know whether you are truly encrypting all of the information you need to. If you are passing sensitive information between a user and your server without encryption then you are opening yourself up to problems. Chances are one of your users will access your site at a coffee house and share everything with a new, unintentional “friend.”
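One way to check this on your own site, as an added example that is not from the original post: the Python below inspects a response's headers and reports session cookies that could still cross the network unencrypted. The header values are constructed samples, and the function names are this example's own.

```python
def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, attributes-dict)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_response(scheme, headers):
    """Return (cookie, problem) findings for one response.

    scheme  -- "http" or "https", how the page was fetched
    headers -- list of (header-name, value) pairs from the response
    """
    findings = []
    for hname, hvalue in headers:
        if hname.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(hvalue)
        if scheme != "https":
            findings.append((cookie, "set over plain HTTP"))
        elif "secure" not in attrs:
            # Without Secure, the browser also attaches the cookie to any later
            # http:// request to the site, where it is readable on open Wi-Fi.
            findings.append((cookie, "missing Secure attribute"))
    has_hsts = any(n.lower() == "strict-transport-security" for n, _ in headers)
    if scheme == "https" and not has_hsts:
        findings.append((None, "no HSTS header; browser may still use http://"))
    return findings


# Constructed sample: page served over HTTPS, session cookie not marked Secure
SAMPLE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "csrf=xyz; Path=/; Secure"),
]

if __name__ == "__main__":
    for cookie, problem in audit_response("https", SAMPLE):
        print(cookie or "(response)", "->", problem)
```

To use it on a real site, feed it the header pairs captured from your own login and post-login responses.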
Figure out where your website stands before your information, or your customers', gets stolen. Visit our homepage to submit your website for a free vulnerability review.
May 03, 2011 at 5:10 am, Google Adwords said:
This post is very helpful & informative thanks!
May 05, 2011 at 11:22 am, Kermit said:
Wonderful contribution, trendy blog style, keep up the great work
May 22, 2011 at 3:29 pm, Boxfresh said:
You can’t examine the teeth of a gift horse.