I’ll Have a Latte, One Sugar, and No Hacker, Please

Open Wi-Fi networks, available at many cafes, airports, and other public places, have become more susceptible to cyber “hijacking” than ever before. 

Eric Butler was merely trying to prove a point when he created “Firesheep” last year, as he’s told several media outlets. He saw how loosely guarded many Web sites were, and how easy it would be for a hacker to do some damage to an individual’s account on any number of profile-driven sites (think Facebook, Twitter, Amazon, etc.). He created this easy-to-use hacker program simply to encourage Web sites to beef up their security.

In the meantime, more than a million people have downloaded the program, according to The New York Times.


So what is it, exactly? Firesheep is a program that can be downloaded for free and “attached” to Mozilla Firefox, a popular Internet browser. According to Steven Hoffer, a contributor to AOL News: “Firesheep works by collecting information from Internet ‘cookies’ — the temporary Internet file containing your username and password that a website like Facebook or Twitter will send back to a computer so users can enjoy the Web site without logging in each time they click on a new page. Firesheep simply sends a notification each time a new user name and password is available, and entering their Facebook account is just a double-click away.”

It may sound complicated for some, but it is alarmingly simple for many.

Butler has stood by his invention. “Websites have a responsibility to protect the people who depend on their services,” he wrote in his blog. “They’ve been ignoring this responsibility for too long, and it’s time for everyone to demand a more secure Web. My hope is that Firesheep will help the users win.”

And there is a solution. Web sites, specifically account-driven sites that require usernames and passwords, need to be served over “https” instead of the standard “http.” This design encrypts all the pages on a site, not only the log-in page (which is usually the only part of a site to be encrypted). A site that uses “https” throughout its pages will have a URL address that starts with https:// instead of http://.
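To make the gap concrete, the following is an added example, not code from Butler, Firesheep, or any site named in this article. It models a browsing session and reports which cookies would cross the network unencrypted when only the log-in page uses https; the hosts, cookie values, and function names are constructed for illustration, and the model ignores cookie Domain, Path, and expiry rules.

```python
from urllib.parse import urlsplit

def parse_set_cookie(value):
    """Return (name, lowercased attribute names) for one Set-Cookie header value."""
    pair, *attrs = [p.strip() for p in value.split(";")]
    name = pair.partition("=")[0]
    return name, {a.partition("=")[0].lower() for a in attrs if a}

def cleartext_exposure(visits):
    """Walk a session in order; report cookies that travel without encryption.

    visits: list of (url, [Set-Cookie header values in that response]).
    Simplified model (assumption): cookies are scoped per host only.
    """
    jar = {}      # host -> {cookie name: was the Secure attribute set?}
    exposed = []  # (url, cookie name, reason)
    for url, set_cookies in visits:
        parts = urlsplit(url)
        host, plain = parts.hostname, parts.scheme == "http"
        if plain:
            # Request side: the browser attaches every non-Secure cookie it
            # holds for this host, even one first issued on an https page.
            for name, secure in jar.get(host, {}).items():
                if not secure:
                    exposed.append((url, name, "sent in request over http"))
        for header in set_cookies:
            name, attrs = parse_set_cookie(header)
            if plain:
                exposed.append((url, name, "set in response over http"))
            jar.setdefault(host, {})[name] = "secure" in attrs
    return exposed

# Constructed session: one site encrypts only its log-in page, the other
# marks its session cookie Secure so it is never sent over http.
VISITS = [
    ("https://social.example/login", ["session=abc123; Path=/; HttpOnly"]),
    ("http://social.example/home", []),
    ("https://mail.example/login", ["session=xyz789; Path=/; Secure; HttpOnly"]),
    ("http://mail.example/help", []),
]

if __name__ == "__main__":
    for url, name, reason in cleartext_exposure(VISITS):
        print(f"{name!r} exposed at {url}: {reason}")
```

A site owner can run the same check against recorded response headers: any session cookie that appears in the output is readable by anyone sharing the open network.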

Some sites are making the changes, but not all, and not fast enough. Gmail, Google’s e-mail service, uses “https” from the log-in page to any other part of the site. Facebook, on the other hand, is “rolling out” its “https” support in phases, according to PCWorld. So far, users have to opt in to having the more secure option activated when using a public Wi-Fi network. Some worry that using “https” throughout a Web site would slow it down too noticeably.

Whether you see an “https” or “http” URL address on the site you’re using, open Wi-Fi networks are no longer as convenient, or as safe, as the public hoped they would be.
