So if you are enjoying some Starbucks wi-fi or free wi-fi at McD's, does this apply?

What about hotel wi-fi? They usually give you a password, don't they?

 

Very True! but for HTTP websites only. HTTPS sites cannot be hacked or scanned.

 

It depends on the encryption used. I believe if it's WEP then you would still be vulnerable to session hi-jacking which is what Firesheep does, it just makes it REALLY easy. WPA shouldn't be vulnerable. For facebook you can now use HTTPS (as Ibrahim just mentioned), but just be weary that Firesheep can snag sessions from a ton of other sites (twitter, amazon, etc).

I messed with Firesheep, not maliciously or publicly, just with friends when it first came out. It's scary because of how easy it is to use the software. Prior to this you'd have to do a bunch of other work to hijack a session. Now it's a simple Firefox plugin. Basically install the plugin, turn it on, wait, then three clicks and your're into someone's session. The good news and I think the point of it all is that it's pushing individual sites like Facebook to start offering secure sessions when they hadn't in the past.

 

I believe part of the problem is that only the login page is encrypted, and further pages and cookies are not. Rather sloppy for the site administrators.

Like it is with Firesheep, the same goes for WEP password hacking... it's gotten to the point where you can just grab software that'll figure it out for you. Which is honestly the only way I'd be able to do it, but just knowing I could is bad enough, since I wouldn't know where to start otherwise.

All the more reason to avoid WEP networks...

 

Found the article Lainey talked about...


http://digitallife.today.com/_news/2...ing-your-wi-fi

 

I had a neighbor tell me he was trying to hack my network at my house. From what he said he could not do it. But I redid the network even more secure and renamed it HaHaHa ... LOL

 

L

Looks like that's what I have. My modem/router was provided by the ISP I have a WEP key/number to use if another wireless user visits me....

 

Anyone with FIOS? Verizon actually used a base 32 version of the preprogrammed WEP key as the ESSID....
so effectively...you see s FIOS router name....you have the WEP key without having to try a packet injection hack.

 

No FIOS here.

 

Try googling the make/model number of the modem/router. There should be a way to log into the administration settings from a computer connected to it, and change the settings.

Or call your provider and request instructions how to change to a more secure standard.