WIFI Security Warning

Eric Butler announced the release of a new application this week, designed to expose the vulnerability of open WIFI networks. Unfortunately, his application simply makes it all that much easier for hackers and hacker-wannabes to steal your identity.

Firesheep is an extension for Firefox, the leading open source web browser. Using Firesheep, a hacker logs onto a wireless network, like one you'd find at Starbucks or Barnes&Noble. The hacker runs Firesheep and can see that you are on the same WIFI network, posting an update on Facebook. He double-clicks your name and is instanty logged into Facebook as you. He now has access to your private information, can change your password, and can post obscene status updates to your Facebook wall as if he was you. Not good.

This affects any site that uses "cookies" (pretty much any site you log into), and does not use HTTPS (SSL). This includes Facebook, Twitter, Flickr, and many more. Note that while many sites may use the https:// connection to log you into the site, once in the information is transmitted by standard http:// protocol. That means that while your password was encrypted (secure) when you logged in, your cookies are still floating through the wireless network every time you click, just waiting for a hacker to grab and abuse them.

Please note this does not apply only to laptops. This is for any device you access websites with, such as iPods and iPads and even cell phones if you're connecting via WIFI. It also applies to apps such as Twitter and Facebook update apps.