A new Mozilla Firefox extension allows anyone on a wireless network to access user accounts on sites like Facebook and Twitter, raising concerns over the cyber security of Georgetown’s network.
Firesheep, which was released for free download earlier this week by software developer Eric Butler, allows users to view all the accounts of other Wi-Fi users logged into many popular social networks. If they choose, the users can also log in to any of these accounts with just a click.
For regular users of large wireless networks, such as the primary Georgetown University network “HOYAS,” the application represents a threat to online security.
Beth Ann Bergsmark, director of academic and information technology, said that the university is aware of the threat and encouraging users to protect their information. But few students said they were aware of Firesheep.
“It sort of creeps me out,” said Kristina Wilson (COL ’13), summing up the reactions of many.
Firesheep exploits the weaknesses of many websites who do not sufficiently protect “cookies,” or saved login information. Butler created the application to demonstrate how serious the problem is.
“On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy,” he wrote on his website when he released Firesheep.
Bergsmark said that university applications such as Blackboard, MyAccess and GUMail are safe from intruders via programs such as Firesheep. Gmail, which encrypts data transfers, is also safe.
“But you are still vulnerable if you are connecting to other websites like Facebook or Twitter that do not encrypt all of your data transfers,” Bergsmark said. Other sites that could be hacked by Firesheep include WordPress, Yelp, Flickr, Amazon and Tumblr.
Bergsmark recommended that students sign out of any vulnerable accounts when they are finished with the website.
“This is very important,” she said. “If you do not log out, anyone can snoop in on your session, track where you have been, and capture your personal information.”
Bergsmark also recommended replacing the “http” in any web address with “https,” which encrypts your session on some, but not all, websites. She said that it is important to use different passwords so that if hackers steal a Facebook password, for example, they cannot also access your bank account.
Future University Information Services upgrades might help reduce the vulnerability of the Georgetown network.
“UIS is planning on deploying secure wireless authentication and encryption in areas that can support this technology after the roll-out of the new wireless capability in the residence halls,” Bergsmark said.
While students expressed concern over the safety of their online accounts, they also said they could understand the logic behind Firesheep.
“I guess it makes me think about other programs that can access your information online,” Melissa McClure (COL ’13). “But it’s just a very strange way to do it.”
