Is a secure website really safe? - WSFA.com: News Weather and Sports for Montgomery, AL.

Is a secure website really safe?

Posted: Updated:

CHARLOTTE, NC (WBTV) - Savvy internet users know to look for the "httpS" when performing sensitive internet transactions.  However, a new program called FIRESHEEP highlights a silent threat that could create real issues for you. 

It's something called "sidejacking". The word is a mashup of hijacking and sideline.  This happens on unsecured Wi-Fi hotspots. 

Imagine you are using unsecured WiFi to shop at Amazon and check your Facebook account.  A cybercreep could be sitting on the "side", sniffing traffic on the unsecured Wi-Fi network, and that allows them to hijack session cookies. 

If they hit you at the right place and the right time, they might be able to see your Amazon.com browsing and sometimes gain enough access to read your Facebook or make their own posts there.

If you are on your home or work internet connection, you'll be okay.  If you are on an unsecured WiFi network, there is a hidden flaw that happens AFTER you login that could leave your sessions wide open to a cybercreep hacking in. 

WBTV's Cyber Expert, Theresa Payton, explains how this works and what you can do to protect yourself.

Most websites do a great job when you first login and give you a secure place to login.  But we've recently learned that some of the most popular websites do not always provide you with a secure page AFTER log in leaving your session cookie open for people to follow or use.  

You are still okay at that point, unless you are using unsecured WiFi and a cybercreep happens to be around. 

Just to show how serious this is, Theresa told us about a new program called, Firesheep.  It was created by a developer to show how easy it is to steal information on unsecured wifi when the person is using the Firefox browser.  It allows someone to steal cookies and look at your activities on sites like Facebook.

Firesheep targets 26 popular sites – Amazon.com, Google, Facebook, Twitter, Foursquare are among them.  

Firesheep highlights problems for Firefox but this problem exists across all web browsers.

Theresa offers TIPS FOR SAFE SURFING ON FREE WIFI:

  1. ASK:  Ask someone that works there what the legitimate network name is
  2. NON SENSITIVE:  Avoid conducting sensitive transactions while on the free WiFi
  3. UPDATED SOFTWARE:  Make sure your browser and antivirus software are up to date
  4. TURN OFF AUTOMATIC CONNECTIONS:  Turn off automatic wireless connection so you always have to grant permission and you know the name of the network you are connected to.
  5. TURN OFF BLUE TOOTH AND SHARING:  If you have sharing or blue tooth enabled on your laptop, turn it off before you connect.
  6. CONFIGURE YOUR BROWSER:  You can configure your internet browser to "HTTPS Everywhere" or "Force TLS Configuration" both provide different options for forcing your session information to be handled via secure pages.
  7. PERSONAL FIREWALL:  Consider using a personal firewall.  Most newer Macs or Windows computers have this option available. 

Web Resources:

You can review a demo on how Firesheep works on YouTube:  http://www.youtube.com/watch?v=zi2r7oVLUEc

Powered by WorldNow