Tuesday, January 11, 2011

Application called Firesheep could endanger WiFi users, enable attackers to impersonate them online later on social networking sites

Samara Martin Ewing has an important posting about WiFi security at television station WUSA9 (Washington DC’s CBS station), “Protecting Your Facebook, Twitter Accounts”, link here.  The story concerns a Firefox spyware application called Firesheep. A user with it and within range of an unsecured WiFi hotspot can find all userids and logon passwords for Facebook, Twitter, and perhaps some other popular programs for which people are logged on, and could later impersonate the people, possibly framing them for crimes, ranging from scams to even c.p. It’s not clear how legal defenses in such cases could play out (I had taken up this problem on this blog particularly on Feb. 3, 2007).

This sort of thing could be a problem for hotel WiFi, and even for home users with home networks (particularly in apartments where the units are closer together), since cable companies have been pushing their use (rather than using multiple landed cable modems).

Webroot gave the link to the WUSA story on its Twitter feed today.

A good question would be whether all these (popular) sites should use much wider use of https ("everywhere"), as advocated by EFF, and how effective protection that would be.

Verizon tells me that its new Card-based WiFi is secure. (It replaces connecting the Blackberry to use Verizon Access Manager). I also noticed at a Verizon store today that the store used Sophos anti-virus, and Sophos is the anti-virus provider for Webroot. It seems other companies are gaining on McAfee and Norton, big time, even for corporate network protection.

No comments: