November 2nd, 2010 | Uncategorized

Looting log-ins with lambs

Yale ITS wants people to remain sheepish about their private information. ITS sent out an e-mail Tuesday warning students about a Firefox add-on, Firesheep, that can potentially compromise log-in details with Facebook, Twitter, and other popular online services.

Firesheep was released by Seattle web application and software developer Eric Butler to demonstrate how has easy it is to hijack online sessions. The add-on allows people on open Wi-Fi networks to potentially assume the network identity and log-in credentials of anyone else on that same network.

ITS gave pointers to prevent identity theft:

Firesheep is only a threat when a computer is connected to an “open” network (either unencrypted or using a shared key). Examples of open networks include coffee shops, YaleGuest and Yale wireless networks.

How to protect yourself:

  • Avoid public Wi-Fi networks that aren’t encrypted.
  • Do not use the YaleGuest or Yale wireless networks.
  • Use YaleSecure for wireless. Firesheep is not a security threat when connected to a secure encrypted (e.g. WPA/WPA2) Wi-Fi network (such as YaleSecure, YaleWPA/WPA2) or most wired switched Ethernet.
  • Use VPN if you absolutely must connect to a public Wi-Fi network.

If only we were back in a time when people stole sheep, not log-ins.