I love the new firefox plug-in that allows you to view user sessions. It is a simple plug-in called firesheep that uses winpcap to capture packets and hijack web sessions. If you have not heard of this head on over to firesheep and read more
What I find funny is the fact that people are all worked up about their security and the fact that others could see what they are doing. I am amazed, that people somehow think that a wifi hotspot is secure. I’ve seen people do online banking at starbucks, or a few online purchases at BigB’s. If you are not sure of who is giving you WiFi (public wifi does not count) than don’t do anything that you would not want the person to see next to you.
Firesheep is a good example of this, it no longer takes a “computer guy” to be able to sniff packets and basically snoop on your browsing. It is now a simple click and install and watch other’s facebook info…
Here is a great article about the legality of using firesheep. (http://www.computerworld.com/s/article/9194159/Is_it_legal_to_use_Firesheep_at_Starbucks_)
I find this interesting, basically the argument would be that you are doing something illegal by use of wiretap. I would equate firesheep to the same as two people in a coffee shop talking. One person is next to you and the other is all the way across the room. The person next to you is yelling at the top of their lungs to communicate to the person on the other side of the room. Hey may be yelling his credit card number to be able to purchase a coffee drink, or maybe his username / password to his bank account to allow the other guy to enter it into the computer for him. The same is when you share a wireless (wifi) network with your closest friends at a coffee shop you are basically yelling your information over the wire (or wireless in this case).
If a person decides to listen, is that illegal? Aren’t you and that other person sharing the same space , communication, it’s not illegal to both communicate. When does it become illegal to listen?
If you are concerned about people snooping, use some type of security tunnel to your home network, use ssl everywhere, or setup a vpn. If you don’t know about these things and would like some help, give me a call or email. I can help you understand how to do this and also why to do this.
There is now a little firefox plug-in for detecting firesheep called black sheep. http://www.zscaler.com/blacksheep.html Reminds me of the fuzz buster.. then there was the radar detector detector….