Wireless hotspots and the boater

Do you use unsecured wifi spots to access email or Facebook? Most cruisers do. Even if you are a landlubber and use a "secured" wifi spot, do you trust everyone else on that network enough to know that they wouldn't read your email or check your Facebook messages?

You might want to take a moment to read this article or google "Firesheep".

Someone recently used Firesheep to log into my Facebook account and try to chat with my friends. Thankfully they did not change my password, and thankfully I have my Gmail accounts set to use https already, so I don't believe they could access anything else I was using.

I am by no means a tech expert, but after reading a bit, here is what I've done:
- Installed the HTTPS Everywhere plug-in in the Firefox browser on both of our computers (Firefox is our primary browser) and changed the setting of that plug-in to include Facebook. From their site: "Turn on the 'Facebook+' rule. You can do that in the Tools-->Add Ons-->HTTPS Everywhere-->Preferences menu"
- Installed Adblock Plus on both computers.
- Verified that all 4 of our Gmail accounts are set to use https (Settings-->General-->check "always use https")

Anyone else know more? Please weigh in if so.

2 comments:

  1. I know nothing about this. Is it only Firefox users that are vulnerable or is it the same on any browser?

  2. Hi Mike - My understanding is that it is any browser but that it is easiest to "fix" in Firefox. Apparently most sites we use encrypt our password but then put an "authenticated" cookie on our hard drives which is sent back and forth. Snoopers on your same network can't see your password but can see the cookie, copy it and use it to talk to the services as if they were you logged in. Meaning they could read your email, change your password, send messages, etc. Gmail uses https as a default (the 's' apparently means that the cookie is encrypted also... I think... we're getting into fuzzy territory for me there). The add-on to Firefox forces other sites to use https as well (but not all, just many of the main ones).

    Apparently banks already use https for everything.

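The cookie exposure discussed in the comments above can be checked from a site's response headers. The following is an added example, not part of the original post or its comments: a small Python check that reads `Set-Cookie` headers and reports which cookies someone on the same network could capture. The header values are constructed samples and the function names are hypothetical.

```python
# Added example: flag cookies that would travel unencrypted on a shared network.
# SAMPLE_HEADERS are constructed Set-Cookie values, not captured from any real site.

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (cookie name, attribute dict)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), attrs


def audit(headers, scheme):
    """Report, per cookie, whether it can cross the network in cleartext.

    scheme is how the response that set the cookies was fetched: "http" or "https".
    """
    findings = []
    for header in headers:
        name, attrs = parse_set_cookie(header)
        reasons = []
        if scheme != "https":
            reasons.append("set over plain HTTP, readable in transit")
        if "secure" not in attrs:
            # Without Secure the browser attaches the cookie to http:// requests
            # to the same site, even if the login page itself used https.
            reasons.append("no Secure attribute, also sent on http:// requests")
        findings.append({"cookie": name, "sniffable": bool(reasons), "reasons": reasons})
    return findings


SAMPLE_HEADERS = [
    "session_id=abc123; Path=/; HttpOnly",           # HttpOnly does not stop sniffing
    "auth_token=def456; Path=/; Secure; HttpOnly",   # only ever sent over https
    "lang=en; Path=/",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_HEADERS, "https"):
        status = "EXPOSED" if finding["sniffable"] else "ok"
        print(f"{finding['cookie']:12} {status:8} {'; '.join(finding['reasons'])}")
```
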