Side-Jacking

It's been in the news, and you've heard about people being side-jacked. This is one of the things you need to understand and defend against when using unsecured wifi.

Sidejacking used to be the stuff for only the most serious hackers, but in October 2010 Eric Butler released a browser add-in called Firesheep that allows users on a public Wi-Fi network to effectively spy on others. All a spy has to do is download and install a few pieces of software. The instructions are all over the internet, and the procedure takes less than 5 minutes and requires no technical knowledge. When I looked at it, the sidejacking software had been downloaded more than two million times! So it's pretty widely used.

Firesheep grabs sensitive information (via cookies) that was transmitted using HTTP. Websites that you log in to use cookies to know who you are, so anyone who copies your cookie can appear to the website as you. Session data (cookie information) is passed with each transmission between your computer and the website that issued the cookie.

The side-jacking vulnerability happens when a site flips you from HTTPS to HTTP. As you should know, HTTP travels between your computer and the destination web site in plain text. HTTPS traffic is scrambled (encrypted) as it travels over the internet, even on unsecured wifi.
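
The two conditions described above can be checked from a site's own responses. This is an added example, not part of the original article: it flags a session cookie that the browser would also send over plain HTTP (no Secure attribute) and a redirect that drops from HTTPS to HTTP. The host names, cookie values and function names are constructed for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urljoin, urlsplit

# Constructed sample: (request URL, response headers) for the login step of
# two hypothetical sites. Not captured from any real service.
SAMPLE_FLOW = [
    ("https://shop.example/login", [
        ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
        ("Location", "http://shop.example/home"),
    ]),
    ("https://mail.example/login", [
        ("Set-Cookie", "sid=xyz789; Path=/; Secure; HttpOnly"),
        ("Location", "/inbox"),
    ]),
]

def audit_response(url, headers):
    """Return the side-jacking exposures found in one HTTP response."""
    findings = []
    for name, value in headers:
        header = name.lower()
        if header == "set-cookie":
            jar = SimpleCookie()
            jar.load(value)
            for key, morsel in jar.items():
                # Without Secure, the browser attaches this cookie to
                # plain-HTTP requests, where anyone on the wifi can read it.
                if not morsel["secure"]:
                    findings.append(f"cookie '{key}' lacks Secure")
        elif header == "location":
            # Resolve relative redirects against the request URL first.
            target = urljoin(url, value)
            if (urlsplit(url).scheme == "https"
                    and urlsplit(target).scheme == "http"):
                findings.append(f"redirect drops HTTPS -> {target}")
    return findings

def audit_flow(flow):
    """Audit every response in a flow; maps URL -> list of findings."""
    return {url: audit_response(url, headers) for url, headers in flow}

if __name__ == "__main__":
    for url, findings in audit_flow(SAMPLE_FLOW).items():
        print(url, findings or "OK")
```
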

Side-jacking with Firesheep
Video:
http://www.youtube.com/watch?v=hIwfgnUGOys

So how can you protect yourself from side-jacking?

First of all, secure your private wifi. Many Vista Royale residents have not taken the time to secure their wireless routers, so they run the same risks at home as they do on public wifi. Wireless routers often come with security disabled, or with the security set to WEP, which is very weak security and easily broken. Securing your router with WPA2 or WPA and a strong password protects your data from prying eyes by scrambling all your airborne network traffic traveling from your computer to your router.

If you must use public wifi, many sites will allow you to use HTTPS all the time but will revert to HTTP if you don't specify it. For example, google.com will allow you to use HTTPS all the time and never force you into HTTP. By bookmarking the HTTPS version of the site, you can avoid any HTTP portion. The video also talked about using "HTTPS Everywhere", an extension for the Mozilla Firefox browser that keeps you in HTTPS on servers that allow it.

Being well informed can keep you safe.