How to prevent Firesheep hacks, attacks and hijacking

FiresheepAirports, coffee shops, and campuses everywhere became a little more dangerous this week when Wi-Fi hotspots were inundated with curious “hackers” who downloaded the Firesheep plug-in to take a peek at their neighbors Internet habits.

The downloadable Firefox extension created by Seattle Web developer Eric Butler and released to the public this week has been a hit with novice hackers everywhere. While Firesheep does allow users to hijack someone else’s Internet session, it doesn’t give them access to passwords or other account information that a person isn’t viewing.

But just as swiftly as the annoyingly easy-to-use extension was unleashed on Wi-Fi connections everywhere, a couple of quick fixes have been introduced. Here is how you can avoid inadvertently exposing your private information through Firesheep.

Use a VPN

Besides the very obvious resource of avoiding public Wi-Fi networks altogether, one option is to use a virtual private network (VPN) when connecting. A VPN will act like a guard when using Wi-Fi and encrypts all of your information circulating between you and the Web. It isn’t free, however, and runs around $5 to $10 a month. There are varying opinions on how much using a VPN protects users.

Download a Firefox plug-in

If that’s not enough security or if you aren’t concerned enough to pay a subscription rate, Firefox itself wants to offer a solution to its own problem. The browser offers two different, free plug-ins that encrypt your information when visit specific sites. HTTPS-Everywhere and Force-TLS prevent snooping on particularly personal sites, like Facebook, Twitter, and PayPal.

Force-TLS lets you design the list of sites you’d like protected and HTTPS-Everywhere comes with its own. If you use a different browser, however, you’re out of luck: These are available only through Firefox, but if you care about a private net session it’s worth it to use Firefox momentarily.

Beware the evolving ‘sheep

These tools will keep Firesheep users out of your computer, but it doesn’t fix the real problem: that these sites full of very personal information aren’t encrypting all of that. Butler insists that he waits for the day that Firesheep will be unusable, saying on his blog “Going forward the metric of Firesheep’s success will quickly change from amount of attention it gains, to the number of sites that adopt proper security. True success will be when Firesheep no longer works at all.”  He also warns, or really, promotes, that more versions of Firesheep are in development. But if his experiment results in making the Web a safer place, maybe the hoards of Wi-Fi users currently paranoid about the Internet activity will thank him.