Description: Firesheep — a month-old Firefox plug-in that anyone can use to sidejack your free Wi-Fi session — is gaining attention in tech-security circles.
Source: USA Today
Any time you use a free public Wi-Fi hookup — such as those you find at Starbucks and many airports — your risk of having someone sitting nearby commandeer your session is imminent. That’s because most free Wi-Fi hookups are unencrypted.
Sidejacking has been around since at least 2007. It’s considered an obscure attack vector. However, no one we know of has yet done a comprehensive study to measure how often sidejacking actually takes place. Firesheep was unveiled on Oct. 25 by Eric Butler, a Seattle-based Web application software developer and researcher. Good guy researchers like Butler are referred to as white hats. White hats try to beat black hats — bad guy hackers — to the punch in finding fresh security flaws. White hats release their findings to start public discussions. Their goal is to prompt quick fixes and thus do their small part to improve overall security. Click here for rest of story
Questions for discussion:
- What is Firesheep and what are the security concerns of this product?
- Is sidejacking a real threat or just driven by alarming media reports?
- What is the difference between a white Hat hacker and a Black Hat hacker in regards to Firesheep?