This isn’t about VoIP, per se, but it is about the threat we’ve long talked about of transmitting data over insecure WiFi networks. At the Toorcon 12 conference this week, Eric Butler and Ian Gallagher released a Firefox add-on called “Firesheep” (view their Toorcon slides) that scans an insecure WiFi network for login credentials passed as cookies and then, with a single click, lets you login to those accounts. Some of the reports:
- ReadWriteWeb: At a Cafe? I Can Hack Your Facebook, Twitter, Etc…With a Firefox Extension
- TechCrunch: Firesheep In Wolves’ Clothing: Extension Lets You Hack Into Twitter, Facebook Accounts Easily
- CNET: Researchers hack toys, attack iPhones at ToorCon
TechCrunch followed up with a post about how to protect yourself – by forcing SSL connections:
Although as noted in the comments, that doesn’t always work.
While this Firefox add-on is focused on the security of social networks, there are many other services out that there are sending data unprotected over networks.
In the end, we need more SSL (or “TLS” to those who understand the difference) – and other end-to-end technologies – to give us a safer Internet. Sadly, it will probably take proof-of-concept apps like this to make people pay attention.