Saturday, October 30, 2010

Important: Steve Gibson Explains Firesheep

with Leo Laporte on Security Now. If you never watch another TWiT video/podcast, you should probably watch this one.

A new Firefox extension, Firesheep by Eric Butler, allows anyone at an open WiFi hot spot (e.g., a current, typical Starbucks) to see your face, your Facebook sessions and your sessions on other services, and to have full access to your stuff and whatever you're doing. They can look at your pictures, change them, make posts, change your profile and even reset/change your password.

The fix is simple: If you didn't type in a password to access their WiFi, then it's not secured. If you typed in a WiFi password (technically, if they use WPA encryption), then all is okay. Hopefully everyone involved will fix this as soon as possible. Until then, beware.

Some sites are secured against this themselves, e.g., Gmail, such that it's not a problem, because they force the use of SSL (https://).
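As an added example (not from the original post or the podcast): Firesheep works by picking up session cookies that travel over unencrypted HTTP, so whether a site really "forces SSL" can be checked from its response headers. The function name, host names and cookie values below are constructed for illustration.

```python
from http.cookies import SimpleCookie

REDIRECTS = (301, 302, 303, 307, 308)

def audit_response(scheme, status, headers):
    """Return findings for one HTTP response.

    scheme  -- "http" or "https", the scheme the request was made with
    headers -- list of (name, value) tuples from the response
    """
    findings = []
    hdrs = [(name.lower(), value) for name, value in headers]
    location = next((v for n, v in hdrs if n == "location"), "")

    if scheme == "http":
        # A site that forces SSL answers plain HTTP with a redirect to https://
        forced = status in REDIRECTS and location.lower().startswith("https://")
        if not forced:
            findings.append("plain HTTP is served instead of redirecting to https://")

    for name, value in hdrs:
        if name != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        for cookie_name, morsel in jar.items():
            if scheme == "http":
                # Anyone on the same open WiFi can read this cookie as it is set
                findings.append(f"cookie {cookie_name} is set over unencrypted HTTP")
            elif not morsel["secure"]:
                # Without Secure the browser also attaches it to http:// requests
                findings.append(f"cookie {cookie_name} lacks the Secure attribute")
    return findings

if __name__ == "__main__":
    # Constructed sample responses, not captured from any real site
    samples = [
        ("http", 200, [("Set-Cookie", "sid=abc123; Path=/")]),
        ("http", 301, [("Location", "https://mail.example.test/")]),
        ("https", 200, [("Set-Cookie", "sid=abc123; Path=/")]),
        ("https", 200, [("Set-Cookie", "sid=abc123; Path=/; Secure; HttpOnly")]),
    ]
    for scheme, status, headers in samples:
        print(scheme, status, audit_response(scheme, status, headers) or "ok")
```

An empty list means the response neither serves content over plain HTTP nor sets a cookie that could leave the browser unencrypted.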

Note that there's a brief chunk of news discussion in the early middle of this video.  You may want to skip ahead to 44m30s.

For computer folks who may be wondering, the blinking lights behind Steve Gibson are old PDP-8 computers!   8-)