Since the Firesheep extention was released a couple of weeks ago, more people have been paying attention to security vulnerabilities that can happen while using unsecured Wi-Fi networks. Indeed, as developer Eric Butler said when he created and released Firesheep, that was sort of the point.
Since Firesheep was released, there have been a number of countermeasures developed, ostensibly to warn if not protect users from potential side-jacking. Blacksheep, released earlier this week by Zscaler, generates “fake traffic” then monitors the network to see if Firesheep is active.
But Blacksheep warns you that it is, then what? Other than shutting off your notebook and perhaps relocating to a different cafe with free Wi-Fi, what are your options?
This series on data security and privacy is brought to you by IBM. Find out more about how IBM is creating a Smarter Planet.
HTTPS, Everywhere
If the point of Butler’s Firesheep was to expose the vulnerabilities of most major websites due to unencrypted cookies, then it’s a missed opportunity arguably if the solution is just a bandaid like Blacksheep. As Butler says, “The only effective fix for this problem is full end-to-end encryption, known on the web as HTTPS or SSL.” That’s the argument that many groups, like the EFF are making (and have been making for some time). Rather than calling for add-ons that alert you to Firesheep or calling for encrypted Wi-Fi, the answer is to implement HTTPS across the Web.
Currently, we demand HTTPS log-ins for our financial transactions. Gmail made the switch to HTTPS in January. And in response to Firesheep, others have followed suit. Hotmail added the option earlier this week, as did GitHub.
But many major websites, including Facebook, Yahoo, and Twitter, have yet to do so.
The non-profit group Access has launched a campaign to draw attention to the problem, arguing that HTTPS should become the “industry standard.”
Until then, you can install EFF’s HTTPS Everywhere add-on for your Firefox browser. It will automatically demand a secure connection if one is available. You can install tools like Blacksheep or Fireshepherd. You can set up a VPN. Or, I guess, you can stay off of Wi-Fi.
