Yet Another Reason To Be Careful On Unsecured Networks

by on Nov 14, 2010 | 0 comments

As you should hopefully know by now, you should always be extremely careful with data you access over an unsecure wireless network.

You may have seen recent tech press being given to a Firefox add-on called Firesheep which allows people to hijack valid login sessions:

The extension uses a packet sniffer to intercept unencrypted cookies from certain websites (such as Facebook and Twitter) as the cookies are transmitted over networks, exploiting session hijacking vulnerabilities. It shows the discovered identities on a sidebar displayed in the browser, and allows the user to instantly take on the log-in credentials of the user by double-clicking on their name.

The extension was created as a proof of concept that many web sites only encrypt the login process and not the cookie created from it, and only posing a security risk that is exploited by the extension.

Alternate to this, someone can easily snatch your user name and password information to sites which use unsecured login pages (HTTP instead of HTTPS) using freely available tools as outlined here:

When a wireless network card enters into a ‘Monitor Mode’, it listens to specific channel that you choose and captures all the packets that are sent by wireless networks on your area in the specific channel that you selected.  If the wireless network that sent the packet is unsecured,   SmartSniff and SniffPass [free tools] will be able to show you the packets data.

Needless to say, these are certainly things to be aware of.

While every banking site and just about every email provider uses HTTPS (for logins at least), stuff like this just goes to show you that when you work on unsecured network you are opening yourself up to risk. The moral of this story is, again, just be careful what you access on a public network as you don’t know who could be running tools like this from the corner.

Free eBook!

Like what you read?

If so, please join over 28,000 people who receive our exclusive weekly newsletter and computer tips, and get FREE COPIES of 5 eBooks we created, as our gift to you for subscribing. Just enter your name and email below:

Post A Comment Using Facebook

Discuss This Article (Without Facebook)

Leave a Reply

PCMech Insider Cover Images - Subscribe To Get Your Copies!
Learn More
Every week, hundreds of tech enthusiasts, computer owners
and geeks read The Insider, the digital magazine of PCMech.

What’s Your Preference?

Daily Alerts

Each day we send out a quick email to thousands of PCMECH readers to notify them of new posts. This email is just a short, plain email with titles and links to our latest posts. You can unsubscribe from this service at any time.

You can subscribe to it by leaving your email address in the following field and confirming your subscription when you get an email asking you to do so.

Enter your email address for
Daily Updates:

Weekly Newsletter

Running for over 6 years, the PCMECH weekly newsletter helps you keep tabs on the world of tech. Each issue includes news bits, an article, an exclusive rant as well as a download of the week. This newsletter is subscribed to by over 28,000 readers (many who also subscribe to the other option) - come join the community!

To subscribe to this weekly newsletter simply add your email address to the following field and then follow the confirmation prompts. You will be able to unsubscribe at any time.

Enter your email address for
Free Weekly Newsletter: