Mister Nifty

I read this article today, and it was an adequate reminder to make sure my home WiFi was secured. An estimated 32% of Americans steal WiFi access from their neighbors. You might not think it’s a big deal to have an open network, but it is a huge liability for you. In the case of child pornography, someone could park in front of your house and download thousands of images and be on their way in mere moments, leaving you with the IP footprint of their activity. There are also hacker types that piggy back on free wifi to do their hacking the identity of someone else.

If you have an open router at your church or if you don’t have a content filter setup on the router level, the potential for something like this to happen is very likely. A couple of years ago, someone from our private school downloaded a bootleg movie. Two weeks later, our administrator received a letter from our ISP saying that we potentially could be sued by the movie house and our ISP contract dropped. The movie house then followed up with a royalty bill for several thousand dollars.  Our network was secure, but we weren’t filtering properly. After this incident, we setup opendns.com to filter out all types of content and it took care of the problem.

There are two main steps to making your network safe:

1. Security – Setup a secure network password. I use a random password generator for my router. I also use MAC filtering to only allow computers I trust on my network.  Also, make sure your router’s browser access password is changed from the default settings. I use a random password for this as well and store it on a hard copy in a secure location.
2. Filtering – It’s good to have a content filter on your local machine, but this has no effect on the rest of the computers on the network. I use OpenDNS because it integrates right into my router settings. This gives me control to block any sort of content I choose for everyone who is logged into my router.

If you don’t have either of these in place, please take a strong warning from me that you need to do it immediately! You potentially could be adding liability to your family, work place, or church. You can do this for free. If you have any questions, shoot me an email or leave a comment below.

Earlier this year, a product called FireSheep was released to the public for free. Firesheep is a packet sniffer extension for Firefox. Basically, what it does is monitors the entire local network for HTTP requests. Embedded in these HTTP requests is your user name and other important information when you browse sites like Facebook, Twitter, and even your WordPress installations.  Once you log into any of these services that don’t operate over an encrypted protocol, your account information displays on the snooper’s sidebar. They are then able to double click and access any of your accounts without a password.

I knew this could be done, but I was skeptical about FireSheep at first. I tried this on my local network with several devices and to my horror, it actually works. I was able to log into WordPress, Facebook, Twitter, YouTube, and Google without a password by simply being logged in on another computer.  Banking sites, and any site that uses the encrypted HTTPS protocol is safe from this “sidejacking” attack.

There is no foreseeable solution in the near future to prevent this type of attack as most services would be brought to their knees financially running everything over an encrypted connection. This is a fault of the original designers of the web and users have been vulnerable since the inception of the Internet. FireSheep is the first widely distributed, user-friendly program that I know of which allows the consumer level user to hack other people’s connections without any knowledge of packet sniffing.

Over 250,000 people have downloaded FireSheep so don’t think you’re not in danger. There is a good possibility someone at your local free WiFi Hotpot is lurking with FireSheep open. If you’re thinking about downloading it and hacking other people’s accounts, understand that you will be in violation of Federal wiretapping laws and could face prison time if caught and convicted.

Protect Yourself

So, the 600 lb. gorilla in the room now is how to protect yourself from these attacks. Here are some recommendations that you can do to make sure your accounts are safe.

• Never login to unsecured, untrusted WiFi in residential areas. This is not only illegal, but can be dangerous.
• When you’re done using a service, log out immediately. This way if you do have to use into a WiFi Hotspot, there is no information being sent to the hacker. Do not log into anything that doesn’t have https in the URL while using the free WiFi.
• Secure your local network with a secure encrypted pass code.
• Use LogMeIn Free as a VPN. Simply install LogMeIn Free on your home desktop, and when using free WiFi, login and use your home computer to do your internet business. This is the safest way I know to use public WiFi.
• If you have a VPN solution, use it! Any information sent over a VPN is encrypted and is not vulnerable to FireSheep as long as your home network is secured properly.