Firesheep
You’ve probably read about Firesheep, the Firefox extension that scans an open WiFi network for unencrypted cookies issued by various popular sites—including Amazon, Facebook, Google and Twitter—and lets you log in as any user it can find.
Until the sites in question fix this long-standing security hole, here are a few things you can do to help prevent less scrupulous types from ‘sidejacking’ your accounts:
- Use a VPN.
- Use an SSH SOCKS proxy.
- If you use Firefox, install HTTPS Everywhere and/or Force TLS.
- If you use Chrome, install KB SSL Enforcer.
The above are only partial solutions—you could easily broadcast existing cookies before a browser extension kicks in, and VPNs and SSH proxies only encrypt your traffic as far as their endpoints—but they’re better than nothing.
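To see which cookies are at risk in that first unencrypted request, here is an added example (not part of the original post) that audits a site's `Set-Cookie` headers for the `Secure` attribute defined in RFC 6265. The function names and the sample headers are constructed for illustration, and the model deliberately ignores domain, path and expiry matching.

```python
from urllib.parse import urlsplit

# Constructed sample: Set-Cookie headers as a site might issue them at login.
SAMPLE_SET_COOKIE = [
    "session=3f9a1c; Path=/; HttpOnly",
    "auth=77b2e0; Path=/; Secure; HttpOnly",
    "lang=en; Path=/",
]


def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    first, *rest = header.split(";")
    name, _, value = first.strip().partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.strip().partition("=")
        if key:
            attrs[key.lower()] = val  # attribute names are case-insensitive
    return name, value, attrs


def cookies_sent(set_cookie_headers, url):
    """Names of the cookies a browser would attach to a request for `url`.

    Simplified model (an assumption of this example): only the Secure
    attribute is applied; domain, path and expiry are assumed to match.
    """
    is_https = urlsplit(url).scheme == "https"
    sent = []
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        if "secure" in attrs and not is_https:
            continue  # Secure cookies are never sent over plain HTTP
        sent.append(name)
    return sent


def exposed_in_cleartext(set_cookie_headers):
    """Cookies that would cross an open network unencrypted on an http:// request."""
    return cookies_sent(set_cookie_headers, "http://example.com/")


if __name__ == "__main__":
    print("http :", cookies_sent(SAMPLE_SET_COOKIE, "http://example.com/"))
    print("https:", cookies_sent(SAMPLE_SET_COOKIE, "https://example.com/"))
    print("exposed:", exposed_in_cleartext(SAMPLE_SET_COOKIE))
```

Any session cookie that appears in the `exposed` list is one the site has to mark `Secure` before client-side HTTPS enforcement can fully protect it.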