Hacking for the masses: Anyone can 'sidejack' your Web traffic on Wi-Fi

The next time you're sipping coffee and surfing the Web at Borders, look around. See that guy on the other side of the room with his laptop open? He could be eavesdropping on your session. Worse, he could be using your account to order a few things for himself.

Professional hackers have been doing this for years, but now almost anyone can do it, using a Firefox plug-in called Firesheep. It's now "point-click trivial" to eavesdrop on wireless activity, says Wyman Miles, manager of security engineering for Cornell Information Technologies (CIT). That's a particular concern for Cornell because Wi-Fi is almost universal on campus, he adds. "Students hardly ever use wired connections," he notes.

The wireless network in your apartment is also vulnerable, if you haven't set it up as encrypted. The signal goes through walls and often can be accessed from outside the building. And it's open season in public hotspots like Borders or the Nines.

Firesheep (Firefox in sheep's clothing) was created by security experts to prod Web-based businesses into making their sites more secure. Most sites encrypt the opening page where you enter your username and password, but handle everything else in the clear. The site writes a "session cookie" -- a few bits of information stored on your computer -- that maintains your access as you move from page to page. Firesheep duplicates your session cookie and allows its user to masquerade as you, a process called "sidejacking."
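On the site operator's side, the gap described above shows up as a session cookie issued without the `Secure` attribute, which lets the browser send it over unencrypted HTTP as well as HTTPS. The Python check below is an added example, not part of the original article or of Firesheep; the sample header lines and the list of session-like name hints are constructed assumptions.

```python
# Added example: flag cookies that a browser would also send over plain HTTP.
# SAMPLE_HEADERS is constructed test data, not captured from any real site.
SAMPLE_HEADERS = [
    "Set-Cookie: session_id=abc123; Path=/; HttpOnly",
    "Set-Cookie: auth=def456; Path=/; Secure; HttpOnly",
    "Set-Cookie: theme=dark; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Path=/",
    "Content-Type: text/html",
]

# Assumption: substrings that suggest a cookie carries login state.
SESSION_HINTS = ("sess", "sid", "auth", "token")


def parse_set_cookie(line):
    """Return (name, attrs) for a Set-Cookie header line, else None."""
    field, _, value = line.partition(":")
    if field.strip().lower() != "set-cookie":
        return None
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return None
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name, attrs


def cleartext_cookies(header_lines):
    """List (cookie name, risk) for every cookie set without the Secure attribute."""
    findings = []
    for line in header_lines:
        parsed = parse_set_cookie(line)
        if parsed is None:
            continue
        name, attrs = parsed
        if "secure" not in attrs:
            looks_like_session = any(h in name.lower() for h in SESSION_HINTS)
            findings.append((name, "high" if looks_like_session else "low"))
    return findings


if __name__ == "__main__":
    for name, risk in cleartext_cookies(SAMPLE_HEADERS):
        print(f"{name}: sent without Secure ({risk} risk)")
```
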

What to do?

 
