Yesterday I wrote about the Firefox extension Firesheep and how it could steal information from those on an unsecured wi-fi while connected to Facebook, Twitter, or other social networking sites. But the question everyone was asking is if Firesheep really works? Unfortunately the answer seems to be yes. Reports are coming in that show how simple it is to steal the identity of social networking sessions and pretend to be you. This could pose a real problem if the hijacker posts something to your  friends or family that may be unflattering or obscene.

In one report it stated that:

I dash to one of my favourite coffee places close by (which I also knew had open wifi) after getting Firesheep all loaded up (it took less than a minute). I order a latte, settle in and …

Holy crap.

Just like everyone said, running Firesheep I could see who was logged into Facebook and a bunch of other sites and with a double-click be that person.

If you frequent a place that has open wifi, ask them to put a password on it. If you lock down your wireless network, then that’s it. Firesheep isn’t a problem. If you’re slightly techie and know how to do this, offer to help. For free.

Some are advocating using the Firefox extension Force-TLS add-on to prevent being hijacked on unsecured connections. But read the reviews first. Some people have noted some issues. Another is HTTPS Everywhere which is currently in beta. I didn’t provide a link because I believe you should wait until it hits the street in full running gear, before trying it.

The simplest way is to avoid social networking when on an unsecured connection.

Comments welcome.

Firefox add-on Force TLS

Source – TNW