From Firesheep comes FireShepherd and a Facebook Bonus

Posted by: on Jan 30, 2011 | No Comments

I wrote a blog post last week about the dangers of a new Firefox browser extension called Firesheep.  My good buddy Lee (aka @JustaSunGod on Twitter) immediately brought to my attention a program that was created to render Firesheep unusable by flooding the local Wi-Fi network with packets designed to turn off Firesheep.  The program was created by Gunnar Atli Sigurdsson, a 21-year old student at the University of Iceland.  Here is how he describes FireShepherd:

“FireShepherd, a small console program that floods the nearby wireless network with packets designed to turn off FireSheep, effectively shutting down nearby FireSheep programs every 0.5 sec or so, making you and the people around you secure from most people using FireSheep.”

You can read more about FireShepherd on the gigaom.com website here and on the forbes.com website here.   Please use these types of utilities with caution.  The best solution is to only use Wi-Fi hotspots that require a password for their WPA connection and/or only access websites that are secure (with a URL that starts with https://).

Fortunately one of the heaviest used websites (and the one most often exploited via Firesheep) is now rolling out secure access.  That’s right, the big daddy of Social Media known as Facebook is implementing HTTPS access to their site.  The roll-out started a few days ago and may take a couple of weeks to show up in everyone’s security settings.   Please read their blog post on the topic and learn how to turn on secure access to Facebook.   On their page you might find this little gem of a paragraph:

“There are a few things you should keep in mind before deciding to enable HTTPS. Encrypted pages take longer to load, so you may notice that Facebook is slower using HTTPS. In addition, some Facebook features, including many third-party applications, are not currently supported in HTTPS. We’ll be working hard to resolve these remaining issues. We are rolling this out slowly over the next few weeks, but you will be able to turn this feature on in your Account Settings soon. We hope to offer HTTPS as a default whenever you are using Facebook sometime in the future.”

Don’t be scared off by this. It’s not likely you will notice the performance difference accessing Facebook using HTTPS.  The benefits of using HTTPS greatly outweigh the risks so please turn on “Secure Browsing” access to Facebook.  If you run into issues with third-party applications accessed inside Facebook, you can always go back and turn it off.

Remember to always practice safe browsing.  FireShepherd and HTTPS access to Facebook can now be a part of your safe browsing toolkit.