Computer Repair

Hijacking threat a bit sheepish

Published on: November 2nd, 2010

This article originally appeared on The Chronical on November 2, 2010.

Computer Troubleshooters Toowoomba owner Neil Sciffer has had first-hand experience with the new program that can hijack private Facebook, Twitter and email accounts and leave the owner feeling a little sheepish.

It’s called “Firesheep” and it spells “baa-baa-bad” news for Toowoomba residents without a secure wireless internet connection.

Mr Sciffer said he tried downloading the Firefox plug-in and was quite alarmed by how easy it was to take over private accounts of anyone using an unsecured wireless network.

“It’s certainly quite insidious,” Mr Sciffer said.

“Thankfully, it can’t track your username and password details, but it’s certainly the easiest way I’ve seen to take advantage of someone’s unsecured wireless connection.”

Mr Sciffer said Firesheep works by preying on “cookies” – far less delicious than it sounds.

Cookies are unique log-in information that is stored on your computer when you visit a website to retrieve information for future visits to the site.

Firesheep can access the cookies of unsecured wireless users and use the stored information on the computer to log into almost any of their private accounts.

Sites which require you to type in your password every time you visit such as bank websites are safe from Firesheep, as the program cannot read username and password information.

Mr Sciffer said the best way to avoid your personal online accounts falling in the hands of a bored prankster using Firesheep is simply to avoid unsecured wireless networks.

“Setting up a password or securing your broadband connection is very easy to do,” Mr Sciffer said.

“Even things like the free wi-fi at McDonalds can leave your computer at risk from programs like Firesheep.”

Firesheep was downloaded 129,000 times in little more than a day after its recent release.

Firesheep works by finding wireless broadband networks that are not protected by a password.

It can then access stored information or “cookies” on computers using the unsecured network.

Firesheep can then use these cookies to log into the private profiles of the unsuspecting user.