By Woody Leonhard
In his Oct. 28 In the Wild column, Robert Vamosi showed how easy it is to snoop a Wi-Fi connection using a clever Firefox add-in called Firesheep.
If you’re serious about protecting your surfing from prying eyes while on an unencrypted public Wi-Fi connection, the onus is on you to lock down your connections. Using virtual private networking (VPN) is one of the best ways I know to do that.
Firesheep has raised the awareness — and hackles — of Wi-Fi users all over the world. It exploits an old, well-known problem called sidejacking. Eric Butler, the author of Firesheep, describes the situation succinctly in his Firesheep post:
“When logging into a Web site you usually start by submitting your username and password. The server then checks to see if an account matching this information exists and if so, replies back to you with a ‘cookie,’ which is used by your browser for all subsequent requests.”
Most Web sites protect your username and password with a secure HTTPS connection. Unfortunately, many immediately drop back into insecure HTTP once a visitor is signed in — and the site sends its cookie back over a now-insecure connection. Anybody snooping on your conversation can make a copy of the cookie and use it to interact with the Web site in precisely the same way you do. This is a process known as sidejacking.