The real lesson might be to take Wi-Fi security seriously, BUT the real danger is that it can be used by everybody (that would include "morons" who like to prey on others for fun, but also more serious "predators", and these are anything but "morons").
Within an hour of Butler’s post appearing on Hacker News, Firesheep was downloaded more than 1,000 times and evidence of usage has already popped up on Twitter in fantastic fashion.
Many sites have come up with articles stating many ideas (from Pro-use to danger of use) and here are links to a few of these:
This first one is important:
1) Using Firesheep is illegal in the US, UK, and most of the world
Here is the article (if you don't want to visit the link):
One thing that many sites have glossed over is the inherent illegality of using Firesheep. "Go on! Try it! It's cool!" -- yes, it is shockingly cool, but if you use it on a public network you are breaking the law.
In general, the interception of any communication -- digital or otherwise -- is prohibited by law. Government agencies are the only exception and even then a warrant is usually required. Firesheep, by intercepting digital communication and re-routing it to your Web browser, is a wiretap. Unless you're trying to crack the local organized crime racket and you have a warrant in your pocket, you are breaking the law.
It gets worse, though. If, after intercepting another user's cookie, you then decide to log into their Facebook or Twitter account, you start stepping on anti-hacking laws. Most Western World countries have laws that protect against unauthorized access to systems and networks. The US has the Computer Fraud and Abuse Act (and the PATRIOT Act), the UK has the Computer Misuse Act, Germany has 202c -- and so on.
Basically, unless you are using Firesheep on your local, privately-owned network, you are breaking the law. Don't get me wrong: the police are not going to descend upon the local coffee shop and arrest everyone -- but if you accidentally stumble across some sensitive data you might find yourself in a lot of trouble, and in jail.
This article originally appeared on Download Squad on Fri, 29 Oct 2010 08:30:00 EST.
2) Schneier on Security blog - firesheep (Archives 10/10)
3) 'Firesheep' tells us that web security is broken
4) Firesheep In Wolves’ Clothing: Extension Lets You Hack Into Twitter, Facebook Accounts Easily
Now here are ways to protect yourself (never be too old or proud to learn!):
1) http://www.zdnet.com/blog/networking/five-ways-to-shear-firesheep/283
2) http://www.downloadsquad.com/2010/10/27/defend-against-firesheep-by-surfing-securely-with-https/
3) http://www.downloadsquad.com/2010/10/29/fight-firesheep-with-fireshepherd/
Alarmed at Firesheep's 200,000 downloads, an Icelandic engineering student named Gunnar Sigurdsson created FireShepherd (http://notendur.hi.is/~gas15/FireShepherd/), a program that crashes Firesheep with floods of nonsense packets.
Although Firesheep was originally created to prove a point about insecure login credentials on social networks, the huge number of downloads means that it could be a security risk to everyday users.
Sigurdsson compares it to "living in a house with nothing but windows."
Of course, security researchers AND/OR malicious users could patch up this Firesheep flaw that FireShepherd exploits, but FireShepherd's creator has vowed to keep finding new ways to stop the snooping plug-in.
So be aware of the dangers and ensure that you protect your network (from public or wireless drive-by intrusions), which means to say: put some drapes, blinds or shutters on these windows.
There is no reason to paint a target on yourselves!
Best regards
The Dragon (Paul)
Thanks to Idunnobutiwastold and hotdoge3 for bringing this "Important" Discussion here.