SECURITY UPDATE: While this post has not yet been updated, this vulnerability can affect WIRED as well as WIRELESS networks. More info soon.
It May Have A Funny Name … But FireSheep Could Be Your Nightmare….
As an IT professional well before social media began booming, I’ve “met” a crazy amount of bugs, hackings, vulnerabilities and exploits.
A couple days ago I stumbled across something that gave me … a mobile, social media professional… a shiver.
What if you lost access to the majority of your social accounts tomorrow?
It could happen…
Use an unsecured wireless connection (home, Starbucks, etc.)? DON’T DO IT!
This exploit allows users to “listen in” on an open wireless connection (think about that free Wi-Fi at McDonald’s), and when anyone goes to connect to a site such as Facebook, Twitter, Google… the hacker can log into your account instantly!
Yup, you got it…
The minute you connect, you have given the other guy full, total, unrestricted access to the account you connected with.
If you’re like me and bounce around between several accounts, in a 30-minute browsing session you’d be screwed.
To make matters worse, this exploit has been released, along with how to use it, to the general public… causing this massive vulnerability to spread like wildfire and to fall into the hands of everyone from criminals to bored teenagers at the same time.
This exposes that these sites have not cared enough about your security to use SSL connections (that’s when you see https:// rather than http://)… and while a breach this bad may arguably have been needed to wake everyone up… it is downright scary.
What this does … coupled with the huge risk you take ANYTIME you use an unencrypted wi-fi connection… could cost you badly.
Here’s what to do about it:
Maybe you don’t use a laptop or wireless (or wi-fi on your cell phone) but odds are you are connected to someone that does.
Guys and gals… this one is “FOR REAL”… and the word MUST get spread.
The “Average User” is so soured on the privacy issue that many of them have flat out refused to accept this as real or to grab at least the free protection available rather than give up their Starbucks Wi-Fi.
However, you, like me, are not an average user. We have a business built on these platforms and loss, misuse, or defamation on these accounts could REALLY HURT.
This is not the ongoing “piddly” little privacy breaches Facebook has suffered from… this is ALL of your content on a massive number of sites handed straight over the minute you try to log in.
In theory this could easily include your WordPress login as well.
I’m honestly a lot less worried about someone intentionally targeting “you/me” than I am about them targeting a location (think busy NYC Starbucks)… and a lot less worried about a “certified criminal” than the teen vandal that does not understand what defacing your accounts will do to your business. All it takes is one bored neighbor kid to have a mess on your hands.
Speaking of kids, teens are avidly sharing this information around and enjoying “playing” with the plugin. It would be a wise idea to see that your child isn’t joining them.
Please take the security threat seriously even if you are on a non-encrypted wireless router and live in apartments or even closely spaced housing. Technically someone two or three houses down can generally see your router and use this.
PS: Share the post, please?