ID theft is just a click away
November 2, 2010 11:23 PM
The threat of identity theft is an omnipresent fear in the digital age we live in.
For many, the thought of phishing and stolen credit card information has been enough to send the masses running to free credit reporting sites and antivirus software in the hope of protecting themselves from online threats.
However, a newly developed extension to the Firefox web browser could make the process of stealing an identity easier than ever before. The program, known as Firesheep, makes virtual identity theft a breeze by streamlining the process of session hijacking into an easy to use graphic interface.
Many agree the program has intimidating implications, however, in practice the overall belief seems to be that Firesheep will be beneficial to Internet users at large and that it is more of an intimidating thought than a true threat to Internet safety.
"Posting to discussion forums, sending email, publishing a Facebook site and web browsing are all about as secure as stapling a paper copy of your messages to a telephone pole," said SF State computer science professor Marguerite Murphy. "Telephone poles are usually a pretty secure way to communicate - not because folks can't look at your message, but because most folks will not bother to do so."
Basically it works like this: if you're on an unprotected network and you're browsing websites like Facebook, Twitter, Amazon or others recognized by Firesheep, any user on that network with the program installed can access your account with the click of a mouse.
"This is something of a big deal because this threat has been theorized and executed to a smaller extent for several years by lesser known wireless sniffers," said Mig Hoffman, SF State's information security officer. "The big difference is this developer made it super easy by developing a plug-in for a popular browser and building all the functionality in via a point and click interface and adding the sniffing of cookies."
The genesis of the program was based on what the creator saw as irresponsible flaws in the security of some of the most visited websites on the net.
"Websites have a responsibility to protect the people who depend on their services," said Firesheep co-creator Eric Butler in a blog post. "They've been ignoring this responsibility for too long, and it's time for everyone to demand a more secure web. My hope is that Firesheep will help the users win."
According to Butler, websites such as Facebook fail to adequately protect their users from the threat of an account takeover.
Because of this, he and others saw the program as necessary to force insecure websites to step up their security measures.
"Firesheep does expose security issues present in said sites and the web in general," said Teague Sterling, 24, a senior majoring in computer science at SF State. "I suspect these specific vulnerabilities will be corrected by the targeted websites soon."
Though the program is an extension of Firefox, it can work with any Internet service provider on any network, whether it be WiFi or Ethernet connected.
Although WiFi networks are more susceptible to hijacking than others, the real problem stems from the less than secure HTTP protocol used by the large majority of websites that does a poor job of keeping the log in information of users anonymous, according to Peter Eckersley, a senior staff technologist for the Electronic Frontier Foundation.
The EFF also recently released an openly downloadable program known as "HTTPS Everywhere" to help keep accounts secure. It forces browsers to use the more secure HTTPS protocol when accessing websites.
"Any website that offers accounts, hosts private data, or wishes to protect it's visitors' right to read in private, needs to use HTTPS and never use HTTP," Eckersley said.
POST A COMMENT
|BACK TO TOP|| |
Copyright © 2008 [X]press | Journalism Department - San Francisco State University