
How to protect against Firesheep attacks

Measures to ward off Firefox add-on's hijacking of browsing sessions

Security experts are advising Firefox users on how to protect themselves against Firesheep, the new browser add-on that lets amateurs hijack users' access to Facebook, Twitter and other popular services.

Firesheep adds a sidebar to Mozilla's Firefox browser that shows when anyone on an open network - such as a coffee shop's Wi-Fi network - visits an insecure site.

A simple double-click gives a hacker instant access to logged-on sites ranging from Twitter and Facebook to bit.ly and Flickr.

Since researcher Eric Butler released Firesheep, the add-on has been downloaded nearly 220,000 times.

"I was in a coffee shop today, and someone was using Firesheep," said Andrew Storms, director of security operations at nCircle Security. "There were only 10 people in there, and one was using it!"

But users aren't defenceless, Storms and several other experts maintained.

One way they can protect themselves against rogue Firesheep users, experts said, is to avoid public Wi-Fi networks unless they are encrypted and available only with a password.

However, Ian Gallagher, a senior security engineer with Security Innovation, argued that this advice throws the baby out with the bathwater. Gallagher is one of the two researchers who debuted Firesheep last weekend at a San Diego conference.

"While open Wi-Fi is the prime proving ground for Firesheep, it's not the problem," Gallagher said in a blog. "This isn't a vulnerability in Wi-Fi, it's the lack of security from the sites you're using."

Free, open Wi-Fi is taken for granted by many, and it is not the problem. There are plenty of low-risk activities one can do on the internet at a public hotspot, including reading news or looking up the address of a nearby eatery.

So if Wi-Fi stays, what's a user to do?

The best defence, said Chet Wisniewski, a senior security adviser at antivirus vendor Sophos, is to use a VPN (virtual private network) when connecting to public Wi-Fi networks at an airport or coffee shop, for example.

While many business workers use a VPN to connect to their office network while they're on the road, consumers typically lack that secure 'tunnel' to the internet.

"But there are some VPN services that you can subscribe to that will prevent someone running Firesheep from 'sidejacking' your sessions," Wisniewski said.

A VPN encrypts all traffic between a computer - a laptop at the airport gate, for instance - and the internet in general, including the sites vulnerable to Firesheep hijacking. "It's as good a solution as there is," Wisniewski said, "and no different, really, than using encrypted Wi-Fi."
