In a cyber-world that’s rife with threats to privacy and security, the advent of session hijacker Firesheep has many Wi-Fi users wondering how they can protect their personal and business information while they are surfing the web.

What is Firesheep?

Firesheep is a Firefox extension that allows users sharing your Wi-Fi connection to find your login information to several sites and then log in as you. Those users can then make changes to your accounts or find sensitive data.

The extension was originally created to bring attention to the fact that many websites are not taking the proper steps to protect their users – and it has done just that. The creator wanted to emphasize the importance of encrypting sessions end to end, which many websites, including most social networking sites, don’t do.

The Danger of Firesheep

Since it was released, many people have taken advantage of the add-on to gain access to people’s social media accounts, collect personal information and manipulate people’s social media information.

Unfortunately, using Firesheep is easy for a would-be social media hacker. To use it, they simply open the Firesheep extension as a sidebar in Firefox. Once open, it shows them who else on their Wi-Fi network is logging into the vulnerable websites and lets them immediately start using their accounts for whatever purpose they’d like. And since most social networking sites are not fully encrypted, users are susceptible to session hijacking.

How to Protect Yourself

Since the news of Firesheep broke, several developers have created programs to protect users from session hijacking. Two of them are extensions that work only with Firefox; the other options are more browser-flexible.

  • Force-TLS lets you identify sites on which you would like to force the use of the HTTPS protocol, making your cookies invisible to Firesheep: http://bit.ly/9yf8Mr
  • HTTPS Everywhere, like Force-TLS, allows your browser to change to HTTPS on any site you indicate in the Firefox Add On Preferences menu: http://bit.ly/cDMQIW
  • VPN clients authenticate and encrypt anything sent while using the client. You can use your corporate VPN if you have one, or you can use a pay VPN service such as AlwaysVPN: http://bit.ly/ateKFK

These tools, along with a few others, are great ways to protect against session hijackers as well as other hackers. Remember, Firesheep is just the latest in a series of threats reiterating how important it is to take security measures while online, especially while using an insecure Wi-Fi network.
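
On the website side, the counterpart to forcing HTTPS in the browser is marking session cookies Secure and sending a Strict-Transport-Security header. The Python check below is an added example, not part of the original article: the response headers are constructed sample data and the function names are hypothetical. It lists the cookies a browser would still send over plain HTTP, which are the ones visible to others on the same open Wi-Fi network.

```python
from http.cookies import SimpleCookie

# Constructed sample: headers a site might return after an HTTPS login.
SAMPLE_HEADERS = [
    ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "auth_token=def456; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
]


def hsts_max_age(headers):
    """Return the HSTS max-age in seconds, or 0 if the header is absent or invalid."""
    for name, value in headers:
        if name.lower() != "strict-transport-security":
            continue
        for directive in value.split(";"):
            key, _, val = directive.strip().partition("=")
            if key.lower() == "max-age":
                val = val.strip().strip('"')
                return int(val) if val.isdigit() else 0
    return 0


def exposed_cookies(headers):
    """Names of cookies set without Secure; the browser also sends these over plain HTTP."""
    exposed = []
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        for cookie_name, morsel in jar.items():
            if not morsel["secure"]:  # empty string when the flag is missing
                exposed.append(cookie_name)
    return exposed


def audit(headers):
    """Summarise both checks for one HTTP response."""
    return {"hsts_max_age": hsts_max_age(headers),
            "exposed_cookies": exposed_cookies(headers)}


if __name__ == "__main__":
    print(audit(SAMPLE_HEADERS))
```

A cookie that carries login state and appears in `exposed_cookies` is the kind Firesheep can see; a positive `hsts_max_age` tells supporting browsers to use HTTPS for every later request to the site.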

Further reading: ZDNet