Firesheep? Should I be worried?

There is a new program that is widely available to the public - Firesheep - that is being used to grab login information for various websites from public wireless hotspots. All you have to do to be vulnerable is log into a site using a wireless connection in a public place.  Since we offer a wireless connection at the library, I thought I'd explain what is going on and how to protect yourself while using our wireless service.

First, the best thing you can do is not log into anything (email, social networks, etc.) while using a wireless hotspot. This may be a little unrealistic, so you may want to use the Firefox browser and the ForceTLS extension for that browser. Together, they force secure connections to websites - which protects your login credentials - whenever they are available. Be sure that you check for a little gold padlock at the bottom of your screen when you are getting ready to type in your user name and password into any site - that will indicate that you are using a secure connection and will give you some protection from this software.

Many sites are working on securing their login pages right now - when that is universal (when every login page you see includes that little gold padlock), this software will no longer be dangerous. Until then, please be careful when logging into anything on a wireless network such as the library's. You never know who is out there watching the traffic between your laptop and the web site you are visiting!

More information:

Commenting on this MRRL Blog is closed.