It’s finally happened. The simple tools to destroy our security have spread to the masses and the world is over. You might have heard about a Firefox add-on called Firesheep, which is able to gather passwords from Facebook, Flickr, Google, Amazon.com, Twitter, WordPress, and Yahoo if you log onto an unsecured Wi-Fi network with someone running the program. It’s not like we all use a giant unsecured Wi-Fi network at ASU, right? Oh wait… Let me be clear: I don’t think that we should lock down our networks with a bunch of byzantine Wi-Fi encryptions that have already been broken. By taking security into your own hands, you will be much safer.
Encrypting Your Information
One of the easiest things that you can do (and the point of Firesheep being released) is to encrypt your login on sites that offer it. A Firefox add-on released by the EFF and the Tor Project called "HTTPS Everywhere" aims to encrypt your information on the big websites, including Facebook, Twitter and PayPal. The product is still in beta and more sites are being added with every release. Unfortunately, a Google Chrome release isn’t planned for the near future, but the Force HTTPS extension should cover you for Twitter and Facebook.
If possible, look for the site’s individual HTTPS settings and try to turn them on. Unfortunately, some sites do not use proper encryption techniques for their entire site or they leave the cookies open for attackers to manipulate. For more information about how site security and privacy work (along with neat tips, like how the government can take your information — warrant free!) check out the non-profit Electronic Frontier Foundation’s Surveillance Self-Defense page.
tl;dr – Use HTTPS when available, lots of browser add-ons can enforce it.
Passwords
It’s been said once, and I’m going to repeat it here: Don’t share your password with anybody, under any circumstances. There is no telling what exactly people could do with your password, whether it’s your significant other or a friend. This is doubly true if you use the same password for everything.
Gina Trapani’s article on creating a strong password system does a great job of teaching you a system to remember these awesome passwords. Some rules of thumb include using at least one capital letter, one non-alphanumeric character (ex: &), two numbers and staying above 12 characters. Using all of these tips, you get about 58.6 bits of entropy according to Rumkin.com.
If you need to keep track of all of these passwords, the LastPass system provides add-ons for nearly every browser, operating system and mobile phone. If you are looking for something not based out of the cloud, check out the open-source KeePass for local storage.
tl;dr – On the real, don’t use the same password for everything and try to make your passwords secure.
Network Security
Knowing what network you are connecting to is incredibly important. For the most part, ASU’s wireless network is pretty secure, but even the Wireless Network Safety page warns against “Checking bank account statements, paying tuition, making online purchases with credit cards or signing into websites housing personal information.”
There is so much information on wireless networks, but two good rules to live by are: if the network is not secured, then other people can access your information in clear text form; and never connect to a network whose source you don’t know. A good place to get started is the Wikipedia page about wireless security.
tl;dr – Know what site you are connecting to and don’t let sensitive info fly over an unsecured network.
People using Firesheep don’t have access to the actual password that you used; they are just able to log in and mess with stuff. To be honest, the people using Firesheep aren’t the people you should be worried about. The real threats are people who don’t need a Firefox add-on to get at your information. Being careful with your information by using encryption, using separate passwords and knowing what networks you are connecting to makes you that much safer. Also, for the love of science, don’t forget to log out when you leave your computer in a public place.