Most people think that the only people that could hack into their personal data on their computer or snoop on their Internet activity is someone who is involved in the government, or someone that spends all of their time stuck to a computer and knows the ins and outs of everything involved with computers. What these people don't know is that while you are sitting in a Wi-Fi hot spot, your Internet activity could be being watched by someone who is sitting right next to you. A free program, called Firesheep, was released in October and is allowing anyone to access what other users of an unsecured Wi-Fi network are doing and then allow them to log onto these sites as the other person. Because this happened sparatically, website administrators are scrambling to add additional protections to block out this program.
Eric Butler, creator of Firesheep, says that he created this program to show that a widespread issue in website security is being ignored, and that it points out the lack of end-to-end encryption. Basically, while the password that you enter on password "protected" sites such as Facebook, Twitter, Amazon, eBay, etc is encrypted, the web browser's cookieis often not encrypted. Firesheep gets that cookie and allows these people that have Firesheep to log on and be you on these sites. This program isn't just now coming out to cause problems. It is said that over a million people have downloaded this program and are using it.
The only sites that are protected from this program and from snoopers are those that employ the cryptographic protocol Transport Layer Security or its predecessor, Secure Sockets Layer, throughout your session. Paypal and many banks do this, but there is a shocking number of those who do not. The biggest reason for why all websites won't go along with encrypting all communication is because it will slow down the site and cause a huge engineering expense.
Although it is only available to a small percentage of its users and has its limitations, Facebook has recently offered protection as an opt-in security feature. Although this seems nice, it will eventually block out all major applications on Facebook, making most users not want to accept the protection. Either that or they just won't even know about it. Joe Sullivan, chief security officer at Facebook, says that they hope to have this available to all users in the next couple of weeks.
You may be thinking, "Then I just won't go to free Wi-Fi hotspots. I'm protected at home.". You're wrong. Specific Wi-Fi cracking programs are available that work by faking legitimate user activity to collect a series of clues to get the passwords that you may enter into your computer. It is becoming more and more easier to get the password to your wireless router, making it easier to access other information.
It is pretty rediculous that we can't even be safe in our own homes with our security locked routers and Wi-Fi. You have to basically watch your back now wherever you go, and know the specifics of almost every website that you visit to know that you are fully protected. But, really, how many people really think that they need to do such a thing? Most people are unaware that things of this nature even occur. Why aren't these the top news stories on the 6:00 news?
Article Name: New Hacking Tools Pose Bigger Threats to Wi-Fi Users
by: Kate Murphy
http://www.nytimes.com/2011/02/17/technology/personaltech/17basics.html?_r=1&ref=technology
No comments:
Post a Comment