I heard about a sniffing program where people could hack your Facebook if you log on at a public Wi-Fi spot. Is that real or hype? Any way to protect myself?
It’s true. If a nefarious Firefox extension called Firesheep is running on someone’s computer on the same open Wi-Fi network, it can “hijack” the cookie that Facebook and other login sites sends back to your computer when you sign in. Your name and Facebook picture show up in the Firesheep sidebar, and all the hijacker has to do is double-click it and they’re logged in to Facebook as you.
Oh, Faceborg, we wish we could quit you.
According to his blog (codebutler.com), Firesheep’s developer Eric Butler wrote this extension “to demonstrate just how serious this problem is,” and he hopes users will “demand a more secure web” from the websites they use. All it takes is end-to-end encryption, known as HTTPS (hypertext transfer protocol secure) or SSL (secure socket layer). Facebook took its sweet time enabling HTTPS, but as of press time it should have rolled out to everyone—if you know where to find it.
Click the Account link at the top-right of any Facebook page, then select Account Settings from the drop-down. On the next page, expand the Account Security section and check the box for Secure Browsing (HTTPS). For some extra security, you can have Facebook email you every time your account is accessed on a new device.
GOT A TECH QUESTION OR A HELPFUL TIP TO SHARE?
Email ask@maclife.com or write to Mac|Life,
4000 Shoreline Ct, Suite 400, South San Francisco, CA 94080
