Friday, October 29, 2010

Think browsing the web at Starbucks is safe? Think again.



HOW TO: Protect Yourself From Firesheep With a VPN

A wildly popular new bit of malicious code called Firesheep is making the rounds among script kiddies and black-hat hackers; it allows them to access the cookies of any user on a non-password-protected wireless network. Once the ne’er-do-well in question is on the same public network as you, he or she can save and use your cookies to access your accounts (e-mail, Facebook and many others) through a point-and-click graphic interface.

In the words of the person who created Firesheep, “As soon as anyone on the network visits an insecure website [Facebook, Gmail, etc.] known to Firesheep, their name and photo will be displayed [in the Firesheep interface]. Double-click on someone, and you’re instantly logged in as them.”

For businesses with remote employees, Firesheep is a particular danger, as it potentially compromises your company’s data and accounts any time a worker logs in from a coffee shop, Internet cafe or other public network.

The practice is known as session hijacking; if you’d like more information on how the code works, check out this post on Firesheep’s technical details.



This code is being downloaded at an astonishingly high rate; although we don’t like to resort to scare tactics, we can’t currently recommend browsing on a network that isn’t password-protected.

As long as the network you’re on has any kind of password — even a publicly available password or an obvious password — Firesheep won’t work on that network. However, if you’re using public Wi-Fi at a Starbucks, a hotel lobby, a college campus or anywhere else where you don’t have to enter a password before getting access to the network, you’re putting yourself at risk.

Firesheep even works on airplanes, where the networks allow you some preliminary connection to the network before letting you browse the Internet.

There is a safe way to access Wi-Fi on the go. It might give you a slightly slower connection; it might even cost you a bit of money. But until the general mess that’s been caused by Firesheep gets sorted out, it’s better to take a few precautions than to let some random black hat steal your Internet accounts.

What’s a VPN?

A virtual private network (VPN) is the easiest way (other than avoiding unsecured Wi-Fi altogether) to protect yourself from a Firesheep-powered attack.

VPNs create a private tunnel through the public network, protecting the user from any prying eyes (or packet sniffers) on his way from destination to destination online.

VPNs were used a lot during the Iranian election and protests; they’re also used a lot in China and in other areas where access to the Internet is restricted.

Another group that uses VPNs frequently is corporations. Employees often need a safe way to access very private and sensitive information from a public network; VPNs provide security and access. (For more information on corporate use of VPNs, check out this HowStuffWorks article.)

The downside of using a VPN is that you may notice a drop in your connection speed. You might also have to pay for your secure Internet access.

The upside, with specific regard to Firesheep, is that you can sit elbow-to-elbow with a black hat hacker in a coffee shop and know that your data is safely encrypted.
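
One way to confirm that the tunnel really carries your traffic after you connect, as an added example that is not part of the original article: it parses Linux `ip -4 route show` output and reports destinations that would still leave over the Wi-Fi interface. The routing tables, interface names, probe addresses and tunnel-name prefixes below are constructed assumptions.

```python
import ipaddress

# Constructed `ip -4 route show` output: OpenVPN-style tunnel (tun0) up on a
# coffee-shop Wi-Fi (wlan0). All addresses are sample values.
VPN_UP = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.57
203.0.113.10 via 192.168.1.1 dev wlan0
"""
# Constructed: same network, VPN not connected.
VPN_DOWN = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.57
"""
TUNNEL_PREFIXES = ("tun", "tap", "ppp", "wg", "utun")  # assumed naming

def parse_routes(text):
    """Return [(network, device)] from `ip -4 route show` text."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if not f or "dev" not in f:
            continue
        dest = "0.0.0.0/0" if f[0] == "default" else f[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # route types such as "unreachable" or "blackhole"
        routes.append((net, f[f.index("dev") + 1]))
    return routes

def egress_device(routes, ip):
    """Longest-prefix match, as the kernel does; None if no route."""
    addr = ipaddress.ip_address(ip)
    hits = [(n.prefixlen, d) for n, d in routes if addr in n]
    return max(hits)[1] if hits else None

def leaks(text, probes=("8.8.8.8", "198.51.100.7")):
    """Map each probe address that would bypass the tunnel to its device."""
    routes = parse_routes(text)
    out = {}
    for ip in probes:
        dev = egress_device(routes, ip)
        if dev is None or not dev.startswith(TUNNEL_PREFIXES):
            out[ip] = dev
    return out
```

The check covers IPv4 routing only; DNS and IPv6 paths need their own verification.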

A Few VPNs to Try

If you’d like to protect yourself and have a more secure browsing experience from a public network, we recommend that you try some of these VPNs and use one every time you log onto a public Wi-Fi network. This is definitely one case where an ounce of prevention is worth a pound of cure.

Note: Need to set up a VPN on your iPad? Yes, yes you do. Here’s a tutorial that will get you through the process.

* LogMeIn Hamachi²

Cost: $33 per month for commercial use, free for noncommercial use
What It Does: “LogMeIn Hamachi² is a hosted VPN service that securely connects devices and networks, extending LAN-like network connectivity to mobile users, distributed teams and business applications. You can easily create secure virtual networks on demand, across public and private networks.”

* OpenVPN

Cost: FOSS
What It Does: “OpenVPN Technologies has designed and deployed a virtual network software that provides secure, reliable, and scalable communication services, not only fulfilling the requirements of the traditional virtual private network (VPN) market, but also addressing the demands of next wave web-scale VPN services. OpenVPN, our award-winning open source VPN product, has established itself as a de-facto standard in the open source networking space, with over 3 million downloads since inception.”

* WiTopia personalVPN

Cost: $39.99 per year
What It Does: “PPTP is a good basic VPN for customers desiring simplicity and ease of use. Most computers and smartphones have compatible PPTP software already built in, so you don’t even have to install anything to use it.”

* StrongVPN

Cost: Starts at $7 per month
What It Does: “VPN accounts are a 128-bit encrypted tunnel between your computer and one of our servers… Security for hotspot wireless access users.”

If you have other VPN recommendations, please share them with our other readers in the comments, and safe surfing.
