WARNING: Serious Security Risk for Travelers!

A very new, very real security concern has hit the world of the Internet this week and it is something every flashpacker has to be aware of as they travel.  Flashpackers use the net for all manner of activities, many of which are socially oriented.  If, like many travelers, you use Facebook, Twitter, Flickr, WordPress, Google or Yahoo, it is critically important you read the information below.

The Problem:

On October 24th, 2010, a software developer released a plugin for Firefox that allows the average, everyday Internet user to take advantage of an Internet security hole that was previously only accessible to hackers and techies.  I only have a basic understanding of the situation, but will explain what I know in the most basic terms I know how.  I welcome anyone with more advanced knowledge (there should be a lot of you) to elaborate on both the problem and possible solutions.

In an attempt to bring light to the serious lack of security out on the web, the developer Eric Butler created a Firefox extension called “Firesheep”.  When this extension is installed and activated, it captures small data files called “cookies” used by certain sites. It then displays a graphic of the cookie in a sidebar of the browser’s window.  All the user has to do is double-click on one of those icons and they log on as you.

How this affects you:

The reason this is of such concern to flashpackers and backpackers is obvious in how we use the Internet. While it is a main source of information on travel and destinations, we also use it to keep in touch with people back home, share our travels with others and stay on top of mundane tasks like paying our bills.  Some of us even work from the road using the Internet to do so.

On the road, you have little choice about where you access the net.  It is unlikely you will stay at a hotel or hostel that doesn’t have Internet, but on the off chance you do, you’ll find access at the local Internet café.  Wherever you tap in, you’ll be sharing the network with other travelers and who knows who else.  All it takes is one person on the network to have this running while you access a site for them to be able to log on as you.

Possible solutions:

It looks like there are two immediate solutions.  First, you could try to use a VPN (Virtual Private Network).  These are used by big companies to allow employees secure access to company networks.  They are also available to private users for a monthly fee.  The way this would work is that you find access to the net like normal, connect to your VPN, and then run everything through that.

The other solution is to use the Firefox browser for all your browsing, and install one of two plug-ins:  Force-TLS or HTTPS-Everywhere.  When you connect to sites like Facebook or Twitter, these plug-ins force your connection to the site to go through HTTPS, a more secure form of the HTTP we’re used to.
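
An added example, not from the original post or from Firesheep: a simplified Python model of which cookies a browser attaches to a request, showing why the same login is readable on a shared network over HTTP and not over HTTPS. The host name, cookie names and values are constructed, and only the Secure cookie attribute is modelled.

```python
from urllib.parse import urlsplit

# Constructed sample: Set-Cookie headers a site might return after login.
SAMPLE_SET_COOKIE = [
    "session_id=abc123; Path=/; HttpOnly",
    "auth_token=x=y=z; Path=/; Secure; HttpOnly",
    "lang=en; Path=/",
]

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attributes)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs

def cookies_sent(url, set_cookie_headers):
    """Names of cookies a browser would attach to a request for `url`.

    Simplification (assumption): every cookie belongs to the URL's host and
    path; only the Secure attribute is modelled.
    """
    scheme = urlsplit(url).scheme.lower()
    sent = []
    for header in set_cookie_headers:
        name, _value, attrs = parse_set_cookie(header)
        if "secure" in attrs and scheme != "https":
            continue  # Secure cookies never travel over plain HTTP
        sent.append(name)
    return sent

def exposed_on_shared_network(url, set_cookie_headers):
    """Cookies readable by anyone else on the network for this request."""
    if urlsplit(url).scheme.lower() == "https":
        return []  # the whole request, cookies included, is encrypted
    return cookies_sent(url, set_cookie_headers)

if __name__ == "__main__":
    for url in ("http://social.example/home", "https://social.example/home"):
        print(url, "->", exposed_on_shared_network(url, SAMPLE_SET_COOKIE))
```
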

Act now:

Because we access the net so often and from so many different and varied networks, flashpackers are one of the most at-risk groups for this type of attack.  Just one way I’ve heard this can be used is someone getting a hold of your Facebook account and chatting up friends and family to wire you money.

For more information, check out this article.

  • http://budgettravelerssandbox.com Nancie (Ladyexpat)

    Thanks for sharing this. I’ll be looking at the plug-in you have suggested.

  • http://www.travelfish.org Stuart

    Or, just don’t use unsecured WiFi networks.

    • Anonymous

      Yes, this will help. The problem here is that sometimes we have no choice, as that might be the only thing available. In addition, this is even a problem on “secured” networks, such as a hotel network with a password. Just because the network requires a password doesn’t prevent someone else on the network from running the Firefox plug-in. Less likely, yes, but by no means safe.

  • http://www.traveldudes.org Melvin

    Good article… It should make some people think about private data! If you start to read more about it, it gets scary!

    • Anonymous

      Yeah, each time something like this happens, I up my security procedures. It’s like flossing – I know I should be doing it more but it takes a trip to the dentist to get me back on track.

  • http://www.baconismagic.ca Ayngelina

    Oh wow thanks for the warning.

  • Anonymous

    Proof that idle hands create lots of havoc in the devil’s workshop….thanks for the warning!

  • http://www.theroadforks.com Akila

    Eeks. Thanks for the warning.

  • @_thetraveller_

    That is CRAZY and really scary! Thanks for explaining it as much as you could. Really freaks me out.