Firesheep, Blacksheep, and protecting your Wi-Fi data

Firefox plug-in Firesheep illustrates how easy it is to eavesdrop on wireless traffic and provides the tool for anyone to do it

Despite their convenience, free public Wi-Fi networks like those found in hotels, Starbucks, and McDonald's pose a serious risk to your data and personal information. A new Firefox plug-in makes it even easier for tech novices to snoop on wireless traffic, making it more crucial than ever that users understand the risks and take precautions when using Wi-Fi hotspots.

The Firesheep plug-in was developed by security researchers to highlight how insecure public Wi-Fi networks can be. Mission accomplished. Unfortunately, the tool works quite well, and its public availability now puts a relatively powerful snooping tool, one that requires virtually no hacking skills or exceptional tech knowledge, in anyone's hands.

Another Firefox plug-in called Blacksheep was developed as a Firesheep alarm. It won't secure your wireless data, and it won't prevent your information from being snooped by Firesheep per se, but it will alert you when Firesheep is in use on the network you're connected to so that you're aware.

Bottom line, wireless networks are not as secure as their wired counterparts, and Wi-Fi hotspots open to the general public are even less secure. If your laptop can connect to a wireless router 100 feet away, then so can any other device in a 100-foot radius of that wireless router--which is why the router should have encryption enabled and require a password of some sort to gain access.

The issue is mainly a function of public Wi-Fi hotspots, which generally offer a completely open, unencrypted wireless network for patrons to join. In some cases, such as hotels, the Wi-Fi may use a password to prevent abuse by users who aren't staying at the hotel, but those networks are only slightly more secure because the password is shared with everyone who stays there and is rarely changed, so acquiring it is a trivial matter.

Chet Wisniewski, a senior security advisor with Sophos, implored establishments such as Starbucks and McDonald's to improve security by adopting an encrypted network with a default shared password. The sentiment is admirable, and the solution offered would provide better protection than no encryption at all--and prevent snooping by the current version of Firesheep--but, in the grand scheme, it's not much better.

A comment on the Sophos blog explains, "I'm not really sure "free" as password is a great idea, since a password in WPA2 is nothing but a pre-shared secret, which in turn is then used to create a unique key. The problem is, when everyone uses the same password, everyone will end up with the same key, which will be in intended use client and access point, but if someone else knows the password he will be able to come up with the same key."

The commenter concludes with, "You might say now it's better to have some encryption instead of none, but I think that's even more dangerous, because people now will actually think they are secure, and will therefore feel at ease to do more dangerous stuff, while a black hat will actually have just little more inconvenience to decrypt it first based on the password he knows. In fact, a black hat might even be more attracted to such hot spots because he knows people feel more at ease to do dangerous things there."
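The commenter's point about a shared WPA2 password can be checked with the standard WPA2-Personal key derivation. The following is an added example, not code from the article or from Sophos; the SSID, passphrases, MAC addresses and nonces are constructed sample values.

```python
import hashlib
import hmac

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes) -> bytes:
    """Per-session key (802.11i PRF-512); every input except the PMK is sent
    unencrypted during the four-way handshake."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out = b""
    for counter in range(4):  # 4 x 20-byte SHA-1 blocks cover the 64 bytes needed
        msg = b"Pairwise key expansion\x00" + data + bytes([counter])
        out += hmac.new(pmk, msg, hashlib.sha1).digest()
    return out[:64]

# Constructed sample values, not taken from any real network.
SSID = "CoffeeShop-Guest"
SHARED_PASSPHRASE = "freewifi2010"
AP_MAC = bytes.fromhex("020000000001")
PATRON_MAC = bytes.fromhex("020000000002")
ANONCE = hashlib.sha256(b"constructed anonce").digest()
SNONCE = hashlib.sha256(b"constructed snonce").digest()

def compare_keys() -> dict:
    patron_pmk = derive_pmk(SHARED_PASSPHRASE, SSID)
    # A second patron types the same posted passphrase on a different device.
    other_pmk = derive_pmk(SHARED_PASSPHRASE, SSID)
    patron_ptk = derive_ptk(patron_pmk, AP_MAC, PATRON_MAC, ANONCE, SNONCE)
    other_view = derive_ptk(other_pmk, AP_MAC, PATRON_MAC, ANONCE, SNONCE)
    # A passphrase known to only one user yields an unrelated master key.
    private_pmk = derive_pmk("known-only-to-one-user", SSID)
    return {
        "same_pmk": patron_pmk == other_pmk,
        "same_session_key": patron_ptk == other_view,
        "private_pmk_differs": private_pmk != patron_pmk,
    }

if __name__ == "__main__":
    print(compare_keys())
```

Because the session key depends only on the shared passphrase plus values visible on the air, a posted password does not isolate patrons from one another, which is why the VPN advice applies on password-protected hotspots as well.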

Public hotspots are convenient. It is nice to be able to kick back and surf the Web while sipping a pumpkin spice latte at Starbucks. Just realize that the Wi-Fi is insecure and limit your activities. Go ahead and read the headlines at CNN.com, but don't check your bank balance, or do anything else that requires entering a username, password, or account number.

If you want or need to do more sensitive tasks over the public Wi-Fi, use a VPN connection of some sort so that there is an encrypted tunnel between your laptop or tablet and the destination you are connecting to.


Tony Bradley

PC World (US online)