A very new, very real security concern has hit the world of the Internet this week and it is something every flashpacker has to be aware of as they travel.Â Flashpackers use the net for all manner of activities, many of which are socially oriented.Â If, like many travelers, you use Facebook, Twitter, Flickr, WordPress, Google or Yahoo, it is critically important you read the information below.
On October 24th, 2010, a software developer released a plugin for Firefox that allows the average, everyday Internet user to take advantage of an Internet security hole that was previously only accessible to hackers and techies.Â I only have a basic understanding of the situation, but will explain what I know in the most basic terms I know how.Â I welcome anyone with more advanced knowledge (there should be a lot of you) to elaborate on both the problem and possible solutions.
In an attempt to bring light to the serious lack of security out on the web, the developer Eric Butler created a firefox extension called â€œFiresheepâ€.Â When this extension is installed and activated, it captures small data files called â€œcookiesâ€ used by certain sites. It then displays a graphic of the cookie in a sidebar of the browserâ€™s window.Â All the user has to do is double click on one of those icons and they logon as you.
How this affects you:
The reason this is of such concern to flashpackers and backpackers is obvious in how we use the Internet. While being a main source of information on travel and destinations, we use it to keep in touch with people back home, share our travels with others and stay on top of mundane tasks like paying our bills.Â Some of us even work from the road using the Internet to do so.
On the road, you have little choice with where you access the net.Â It is unlikely you will stay at a hotel or hostel that doesnâ€™t have Internet, but on the off chance you do, youâ€™ll find access at the local Internet cafÃ©.Â Wherever you tap in, youâ€™ll be sharing the network with other travelers and who knows who else.Â All it takes is one person on the network to have this running while you access a site for them to be able to logon as you.
It looks like there are two immediate solutions.Â First, you could try and use a VPN (Virtual Private Network). Â These are used by big companies to allow employees secure access to company networks.Â They are also available to private users for a monthly fee.Â The way this would work is that you find access to the net like normal,Â connect to your VPN, and then run everything through that.
The other solution is to use the firefox browser for all your browsing, and install one of two plug-ins:Â Force-TLS or HTTPS-Everywhere.Â When you connect to sites like Facebook or Twitter, these plug-ins force the site to go through HTTPS, a more secure form of the HTTP weâ€™re used to.
Because we access the net so often and from so many different and varied networks, flashpackers are one of the most at-risk groups for this type of attack.Â Just one way Iâ€™ve heard this can be used is someone getting a hold of your Facebook account and chatting up friends and family to wire you money.
For more information, check out this article.