Several months ago I brought to the attention of users at another forum, a software program known as “Firesheep” (http://www.youtube.com/watch?v=O3NAM8oG)
This computer based program allowed “creepers” to view online sessions in places like Facebook, Twitter, Google, and Amazon where a user was accessing these sites via an open and unsecured WiFi network. These networks are often called hotspots and can be found in places like Starbucks, BC Ferries, and some municipalities, like Langford, where they offer free WiFi networks to their residents. A Firesheep user would walk into Starbucks, open their laptop, flash up Firesheep, and then watch what others were doing online. Those in the criminal element are using it to steal personal information for the purposes of identity theft, fraud crimes or even extortion.
Recently a new software program for the Android phone called “faceNiff” (http://www.youtube.com/watch?v=dZ5-sytC3K8) has been made available to the general public. This program basically does the same thing as Firesheep, but instead of using a laptop, the user can now use their Android cell phone. As of today, faceNiff only allows users to spy on those who are using Facebook, Twitter, or Youtube over an open and unsecured WiFi network.
As I mentioned in my original posting, I have Firesheep and it is amazing how easy it is to use, and more importantly, to see first hand how often people who are using open WiFi are exposing themselves, and sharing information that a criminal can use for identity theft, fraudulent crime and even cyber extortion.
As technology and the internet become more common and enabling, the disinhibition effect will also become more common specific to protecting our personal information.
So how do we go about protecting ourselves when it comes to Firesheep, faceNiff, or any other snooping program while using our mobile devices?
1) Don’t use open and unsecured WiFi Networks; this is especially important when doing any kind of financial transactions, such as purchases of goods, or online banking.
2) When using a social network, connect via their “https://” connection. Notice the “s.” Social networks like Facebook now offer this option that you have to “opt-in” to, which encrypts communication back and forth when in use.
3) Understand that whenever you are using an open and unsecured WiFi network, there will likely be someone watching what you are doing.
In today’s world, private information has a cash value to the criminal element that will use this information for identity theft, fraudulent crime, or even cyber extortion. Be very careful about how you use open and unsecured WiFi networks.
Digital Food For Thought
Darren Laur
AKA #thewhitehatter
