Cloak your connection to foil Firesheep snoopers

Woody leonhard By Woody Leonhard

In his Oct. 28 In the Wild column, Robert Vamosi showed how easy it is to snoop a Wi-Fi connection using a clever Firefox add-in called Firesheep.

If you’re serious about protecting your surfing from prying eyes while on an unencrypted public Wi-Fi connection, the onus is on you to lock down your connections. Using virtual private networking (VPN) is one of the best ways I know to do that.

Firesheep has raised the awareness — and hackles — of Wi-Fi users all over the world. It exploits an old, well-known problem called sidejacking. Eric Butler, the author of Firesheep, describes the situation succinctly in his Firesheep post:

“When logging into a Web site you usually start by submitting your username and password. The server then checks to see if an account matching this information exists and if so, replies back to you with a ‘cookie,’ which is used by your browser for all subsequent requests.”

Most Web sites protect your username and password with a secure HTTPS connection. Unfortunately, many immediately drop back into insecure HTTP once a visitor is signed in — and the site sends its cookie back over a now-insecure connection. Anybody snooping on your conversation can make a copy of the cookie and use it to interact with the Web site in precisely the same way you do. This is a process known as sidejacking.

This article is part of our premium content. Join Now.

Already a paid subscriber? Click here to login.



= Paid content

All Windows Secrets articles posted on 2010-11-04:

Woody Leonhard

About Woody Leonhard

Woody Leonhard is a Windows Secrets senior editor and a senior contributing editor at InfoWorld. His latest book, the comprehensive 1,080-page Windows 8 All-In-One For Dummies, delves into all the Win8 nooks and crannies. His many writings tell it like it is — whether Microsoft likes it or not.