News

Even more reason to be careful with public open wifi

A new Firefox add-on allows anyone to scan a Wi-Fi network and hijack others' access to Facebook, Twitter and a host of other services.

The add-on, dubbed "Firesheep," was released Sunday by Eric Butler. Butler said he created Firesheep to show the danger of accessing unencrypted websites from public Wi-Fi spots. Although it's common for sites to encrypt user log-ons with HTTPS or SSL, few encrypt the actual traffic. "This leaves the cookie, and the user, vulnerable," said Butler in a post to his personal blog. "On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy."

With a user's cookie in hand, a criminal can do anything the user can do on a site, Butler noted. Among the sites that Firesheep can hijack are Facebook, Twitter, Flickr, bit.ly, Google and Amazon.

Firesheep adds a sidebar to Mozilla's Firefox browser that shows when anyone on an open network -- such as a coffee shop's Wi-Fi network -- visits an insecure site. "Double-click on someone [in the sidebar] and you're instantly logged on as them," said Butler in his short description of his add-on.

The add-on appears to be irresistible: Since Butler posted Firesheep on Sunday it's been downloaded nearly 50,000 times.