Firesheep and social network security: What you need to know

Social network security is all the talk this month, as Firefox recently launched it’s Firesheep plugin. In a nutshell, the new plugin makes it possible for users to hijack other people’s social network connections if they are using a public Wifi connection.

How does it work? Most social networks, including Facebook, authenticate clients with cookies. If someone is using a public WiFi connection, the cookies are sniffable. Firesheep uses wincap to capture and display the authentication information for accounts it sees, allowing the user to hijack a connection.

Sounds like a potential problem for social network users in airports, hotels and the other 1,000,000,000 places that offer public Wifi. And how about businesses that employ remote agencies, consultants or employees to manage their social networks?

Fortunately, there are a few ways to protect yourself or your business from social network hijackers. The most basic include:

READ

How Continuous Testing Is Hitting Shift Left On Security

1) Only visiting sites using HTTP Secure (beginning with https://), which make user cookies invisible to Firesheep.

2) Downloading the Firefox extension Force-TLS, where you can assign and force which sites you want to use the HTTPS protocol.

3) Trying a program like HTTPS Everywhere, which forces every website you visit to use HTTPS protocol.

What about those who own or manage social network or other hijackable websites? In order to protect your users and keep your website secure, try adding a SSL certificate to your website. A Secure Link SSL certificate shows visitors that your web site is safe for them to submit their personal data and gives users peace of mind when navigating the social web.