Cookies allow a website to store information on a user's hard drive and later retrieve it. These cookies contain important information used to track a session, and a hacker on the same Wi-Fi network as the victim can sniff them out and steal them. The hacker doesn't actually get the login password, but can still access the victim's account by cloning the cookies, tricking Facebook into thinking the hacker's browser is already authenticated.
Firesheep is a Firefox add-on that sniffs web traffic on an open Wi-Fi connection. It collects the cookies and stores them in a tab on the side of the browser. From there, the hacker can click on the saved cookies and access the victim's account, as long as the victim is still logged in. Once the victim logs out, it is impossible for the hacker to access the account.
How to Protect Yourself
On Facebook, go to your Account Settings and check under Security. Make sure Secure Browsing is enabled. Firesheep can't sniff out cookies over encrypted connections like HTTPS, so try to steer away from HTTP.
Log off a website when you're done. Firesheep can't stay logged in to your account if you log off.
Use only trustworthy Wi-Fi networks. A hacker can be sitting across from you at Starbucks and looking through your email without you knowing it.
Use a VPN. These protect against any sidejacking from the same Wi-Fi network, no matter what website you're on, as all your network traffic will be encrypted all the way to your VPN provider.
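The HTTPS advice above can be checked from the response headers a site sends. The following is an added example, not code from the original post: it flags cookies that would travel unencrypted, either because the page was served over HTTP or because the cookie lacks the standard Secure attribute and so is also sent on plain HTTP requests. The hostnames, cookie names and header lines are constructed sample data.

```python
# Added example: constructed response headers, not captured from any real site.
SAMPLE_RESPONSES = [
    ("http://social.example/home", [
        "Set-Cookie: session_id=abc123; Path=/; HttpOnly",
    ]),
    ("https://social.example/login", [
        "Set-Cookie: session_id=abc123; Path=/; HttpOnly",
        "Set-Cookie: csrf=xyz; Path=/; Secure",
    ]),
    ("https://mail.example/inbox", [
        "Set-Cookie: sid=def456; Path=/; Secure; HttpOnly",
        "Cache-Control: no-store",  # non-cookie headers are skipped
    ]),
]

def parse_set_cookie(header_line):
    """Return (cookie_name, set of lowercased attribute names), or None."""
    name, _, value = header_line.partition(":")
    if name.strip().lower() != "set-cookie":
        return None
    parts = [p.strip() for p in value.split(";")]
    cookie_name = parts[0].partition("=")[0].strip()
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return cookie_name, attrs

def sniffable_cookies(url, header_lines):
    """List (cookie, reason) pairs for cookies readable on a shared network."""
    findings = []
    over_http = url.lower().startswith("http://")
    for line in header_lines:
        parsed = parse_set_cookie(line)
        if parsed is None:
            continue
        cookie, attrs = parsed
        if over_http:
            findings.append((cookie, "set over plain HTTP"))
        elif "secure" not in attrs:
            findings.append((cookie, "no Secure attribute: also sent on HTTP requests"))
    return findings

def audit(responses):
    """Map each URL to its list of exposed cookies."""
    return {url: sniffable_cookies(url, lines) for url, lines in responses}

if __name__ == "__main__":
    for url, findings in audit(SAMPLE_RESPONSES).items():
        print(url, "->", findings or "no exposed cookies")
```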