Another reason to be VERY cautious when using a guest WIFI network.MWahl | November 11, 2010 | 3:19 pm
This has been out there for some time now. A brand new Firefox add-on called “FireSheep” http://wiki.twit.tv/wiki/Security_Now_272 lets anyone who is connected to the same Wi-Fi or Ethernet as someone that may be using Facebook or Twitter hack their account easily with just the click of a mouse button.
The link below shows just how easy it is to install firesheep.http://codebutler.com/firesheep
The goods news, there are something’s you can do to protect yourself.
If you use Firefox, these add-ons should do the trick:
- HTTPS Everywhere — this gem from the Electronic Frontier Foundation is about as good as it gets. By default it forces most popular websites to use HTTPS, and you can add your own rules for other sites. This is one of the few add-ons that I use everywhere
- Torbutton — this solution is slightly more involved (it’s for power-users), but if you want to be really secure and anonymous, the Tor network is a fantastic solution
- Force-TLS — this is like HTTPS Everywhere, but doesn’t come with a built-in dictionary of secure sites. Adding them is very easy, though
Chrome users, due to a limitation of the browser, aren’t quite so lucky. There is no way to force HTTPS with an extension. You may have read elsewhere that KB SSL will help you, but it won’t. Instead you need to use a secure SOCKS proxy. This isn’t particularly hard, it does involve a bit of work.
- A guide for Windows users, using SpoonProxy
- A guide for Mac users, using Meerkat — our sister site TUAW has a guide that might help, too
Opera and Internet Explorer users: you too will need to use a SOCKS proxy; just follow one of the guides above.
Ultimately, though, if you use unsecured Wi-Fi networks you will leave yourself exposed. The best solution might not be to install add-ons, but to ask your local coffee shop owner to secure his network with WPA2. The entire problem would go away if big-name websites used HTTPS across the board, too.