How to Protect Your Online Presence From Firesheep

In case you are not aware, Firesheep is a new Firefox extension that allows anyone to become a hacker instantly. With it installed, anyone can sniff in an open unsecured network the cookies of other computers. With these cookies, the hacker can get into the other party’s accounts (be it Facebook, Twitter or any other accounts) even when they don’t know username and password.

Before you went into a frenzy state, there are ways that you can use to protect yourself from being hacked.

Use a VPN on unsecured networks

Of course, the best practice is to stay off open unsecured network. But if you are urgently in need of an Internet connection and the nearest Starbucks is the only way you can get connected, you might want to consider using a VPN.

There are plenty of VPN service out there, mostly will cost you a small monthly fee. Those looking for free VPN service can check out IBVPN who give out free VPN accounts on a monthly basis.

Use Firesheperd on Windows

Update: The developer of Firesheep has feedback that this Firesheperd software might do more harm than good. Use it at your own risk.

If you are using Windows, you can also use the FireShepherd to block FireSheep. What it does is to make use of an exploit in FireSheep and floods the nearby wireless network with packets designed to turn off FireSheep. This will effectively shutting down nearby FireSheep programs every 0.5 sec or so.

Firefox

If you are a Firefox user, install the BlackSheep extension. What it does is to detect the presence of Firesheep (using fake session ID) and warn you about it. It does not protect you from being hacked, but at least it alerts you to the vulnerabilities of your connection.

secure-blacksheep

In addition, you can force the Firefox to use SSL connection (whenever it is possible) using the HTTPS Everywhere extension.

secure-https-everywhere

Sites such as Facebook, Twitter, PayPal have support for encryption over HTTPS, but most of them only enable it for the login page. For example, after you have logged in to Facebook, you will be redirected to the unencrypted HTTP page. The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS.

Google Chrome

Blacksheep is not available for Google Chrome yet, and the closest you can get to HTTP Everywhere is the KB SSL Enforcer extension.

Similarly, this extension redirects the user to HTTPS page whenever is possible. While it is not completely secure against the infamous Firesheep, it does minimize the risk greatly.

Gmail/Hotmail

Gmail has already default all its connection to use HTTPS, but it never hurt to double-check. In your Gmail account, go to “Settings -> Accounts”. Scroll down till you find the “Browser connection” option. Make sure that “Always use HTTPS” is checked.

secure-gmail

In Hotmail, you can also enable HTTPS by going to your Windows Live account and select the option “use HTTPS automatically“.

secure-hotmail

There are plenty of ways that you can use to protect yourself and the above mentioned is only a small list. How do you protect yourself from FireSheep? Or you don’t really care at all?

Image credit: Sultry

Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox

Damien Oh Avatar

Read next

Suzanne Simard sealed paper birch and Douglas fir seedlings inside plastic bags, fed them carbon-14 and carbon-13 dioxide, and nine days later found carbon had crossed between species through fungal threads in the British Columbia soil beneath her boots
A species of jellyfish called Turritopsis dohrnii can revert its adult cells back to a juvenile polyp stage when injured or starving, effectively restarting its life cycle, and biologists have so far failed to identify any natural limit to how many times it can do this.
A Japanese man named Jiroemon Kimura, who lived to 116, was born in 1897 when Queen Victoria still ruled and died in 2013, meaning a single human life personally overlapped with the invention of the airplane, the atomic bomb, the internet, and Instagram
The Hollywood sign originally read HOLLYWOODLAND when it was built in 1923 as a real estate advertisement for a housing development, and it was only meant to stand for 18 months, but nobody ever got around to taking it down and the city eventually adopted it as a landmark
Almost all of the world’s internet traffic does not travel by satellite but through fibre-optic cables lying on the ocean floor, a hidden web of wires crossing the deepest parts of the sea to connect the continents.
People who flip their phone face down on every table aren’t being secretive. They figured out that staying interruptible meant handing their time to whoever rang first
Twitch vs. Facebook Gaming vs. YouTube Gaming: What’s the Best Live Game Streaming Platform?
Chrome Extensions Ownership Transfer is a Direct Threat to You: How to Stay Safe