The Firefox Extension, Firesheep, Proves How Insecure The Web Really Is

When we rely on a tool for very important work we like to think of it as safe.

When we drive a car, we know that it has been inspected by several important parties before the manufacturer is able to sell it to us.

It is first inspected by the company themselves; they do not want to sell an inferior product so they do everything that they can to prevent that from happening.

Then you will have people that represent the government who will come to do inspections; they want to make sure that everything is safe and there will not be a problem.

After that, when the car hits the market, you will have independent entities such as Consumer Reports test out the cars to see how safe they truly are.

This all leads to a product that will be less likely to be able to hurt you.

It is too bad that we are not afforded this same level of protection with the web.

While the internet first started as a tool that was just for simple documents, it is now more than that.

It is a tool that allows us to conduct the serious business in our everyday lives.

This is business that, if done wrong, can really harm us.

And we do it on a medium that has many known security flaws.

Firesheep highlights problems with the internet at large

How Firesheep Brings These Flaws To The Masses

The web has a huge security hole that has not been filled.

We leak data all of the time through different ways that we interact with the medium.

Even when we encrypt our data, there is still a huge hole that someone can take advantage of if they are in the right place at the right time.

In most encryption tools, the data is only encrypted while it is tunneled through those particular pipes.

Once it comes out, someone is able to intercept the data unencrypted on the other side.

But the one bright side that we had when it came to a lot of these security holes is that they were hard to exploit – you had to be a black hat hacker that had expertise in certain tools and techniques to be able to get to and attack these weak points.

With Firesheep, that is no longer the case.

This is at least true when it comes to the SSL encryption that is supposed to protect you.

The tool allows you to do a simple man-in-the-middle attack on people who are on the same network that you are on.

If someone logs into one of the main web sites that are listed in the Firesheep directory in an insecure manner, then the tool will detect it.

Once it is detected, the person running the tool is then able to log into the web site as that person.

Now if you are a security expert, you might be asking what is the big deal?

You might know that this type of attack has been around for years and that it is no big deal.

The big deal now, however, is that with the Firesheep tool a person can now perform this attack with the click of one button.

There is no planning involved and no need to learn sophisticated techniques; all you really have to do is to push one button.

When you are able to perform an attack like this with such devastating results, with the press of just one button, then you know that you are dealing with a medium that is woefully insecure.

What Can We Do About This Problem?

The Firesheep problem is but one symptom of a much larger problem.

The fix for that problem is to log into a web site with the SSL certificate turned on.

That means that when you log onto a web site, you must make sure that you have the https symbol in the address bar.

If you do not, then you know that you are logging into the web site in an insecure manner.
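For site operators, the same https check can be automated. The sketch below is an added example (not from the original article) that flags session cookies a site would expose to someone listening on the same network, either because they are set over plain http or because they lack the Secure attribute. The URLs, cookie names and the naming hints used to recognise a session cookie are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample: (URL the response came from, raw Set-Cookie header values).
# Hostnames and cookie names are placeholders, not taken from the article.
SAMPLE_RESPONSES = [
    ("https://login.example.test/session", ["sid=abc123; Path=/; HttpOnly"]),
    ("https://login.example.test/session", ["sid=abc123; Path=/; Secure; HttpOnly"]),
    ("http://www.example.test/home", ["sid=abc123; Path=/; Secure"]),
    ("https://www.example.test/prefs", ["theme=dark; Path=/"]),
]

# Assumed naming convention for cookies that carry a login session.
SESSION_HINTS = ("sid", "sess", "auth", "token")


def parse_set_cookie(header):
    """Return (name, set of lower-cased attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit(responses, hints=SESSION_HINTS):
    """List session cookies that can end up on the network unencrypted."""
    findings = []
    for url, headers in responses:
        scheme = urlsplit(url).scheme
        for header in headers:
            name, attrs = parse_set_cookie(header)
            if not any(h in name.lower() for h in hints):
                continue  # not a session cookie under the naming assumption
            if scheme != "https":
                findings.append((url, name, "set over plain http"))
            elif "secure" not in attrs:
                # Browser will also send it on later http requests to the site.
                findings.append((url, name, "missing Secure attribute"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RESPONSES):
        print(finding)
```

A cookie without the Secure attribute is the case the address-bar check misses: the login page shows https, but the browser still sends the session cookie on any later http request to the same site.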

But that is only one solution in a much larger problem – ultimately, we must start to take the security of the internet more seriously than we do now.

For the internet to move forward as a secure medium, there are protocols that are going to need to be rewritten from the ground up.

If we are going to take it to the next step and place even more important tools on the internet, there has to be a way that we can close the security gaps.

There are no easy answers to this problem.

The internet is a great idea whose time has come but it took the minds of several people to be able to bring about such a device.

It is going to take just as many people to be able to take it to the next level.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

Comments

  1. There are now 2 tools to fight Firesheep… one is another Firefox addon called Blacksheep, I can't recall the name of the other one but I believe it's a little harder to use maybe.
