Thursday, November 25, 2010

Firesheep: A Process Known as “Sidejacking” - - An Emerging Threat to Free Internet Access Users in a Public Place

Few days back we featured a device, Keylogger, that is threatening the internet users who use the internet on the public places. Such keylogging devices can be used to steal personal information from unsuspecting computer users.

Recently another threat is rising to the innocent users of internet. The culprit: an Internet browser plug-in tool called Firesheep.

Enjoying free Internet access in a public place is a luxury many Canadians take for granted. Coffee shops, for instance, are famous for providing free WiFi hookups, enabling patrons to check their email and browse social networks like Facebook. Yet going online in a public place is becoming increasingly risky, as a new type of tech trickery is being employed by criminals to access your private information, and even hijack your online persona.

Firesheep works by scanning a network in search of any traffic containing a “cookie”—a tiny piece of information that websites transmit to a visitor when they start a session. Most websites protect passwords by encrypting the initial log-in, but don’t encrypt everything else. This leaves the cookie vulnerable and opens the door for someone within range to access the account using Firesheep, a process known as “sidejacking.” Once the intruder is in, they can silently access users’ data from sites like Facebook and Twitter, and send messages and upload pictures.

To combat the problem, Firefox has introduced a plug-in tool called BlackSheep. But it only detects when Firesheep is running and can’t stop it. Unfortunately for the average computer user, the more secure methods of fending off attacks require a certain degree of technical know-how. Ultimately, the best preventative measure is to avoid using free Wi-Fi Internet in public altogether.

This latest attack on social media networks comes as cybercrime is hitting an all-time high. In 2009, according to the IT security firm Sophos, reports of malware and spam on social networks rose 70 per cent. Meanwhile, Hotmail, Gmail, YahooMail and AOL mail are currently fighting to curtail “phishing” scams, whereby users are tricked into giving up certain credentials, such as a password. Last year the number of phishing scams spiked by 200 per cent, according to IBM, and there is little hope that the wave of criminal activity will subside.

Hackers, even the most inexperienced ones, can earn lucrative profits without incurring any expenses, because the tool kits needed to complete the crimes can be found online, for free.

No comments:

Related Posts Plugin for WordPress, Blogger...