Why does firesheep need my password

This will help you whenever you use untrustworthy networks. You can subscribe to a VPN service, in order to make this task easier. Report a problem or mistake on this page Error 1: No selection was made. You must choose at least 1 answer. Please select all that apply required : There are broken links.

The page has spelling or grammar mistakes. The information is wrong or outdated. Other Please specify maximum of characters :. Note You will not receive a reply. For enquiries, please contact the Office of the Privacy Commissioner. Do not include any personal information, such as your name, social insurance number SIN , home or business address or any case or files numbers.

For more information about this tool , please refer to our terms and conditions of use. Called Firesheep, the program lets users see who is connecting to the Internet through an unsecured Wi-Fi network. Once someone connects to an open Wi-Fi network, the program shows the person's name and photograph. Just double-click on someone's name and - voila! If a person is using Facebook over an unsecured WI-Fi network, with Firesheep's help, you could go into their account, change their password, check out their profile, interact with their friends and more.

Butler did not immediately respond to a request for comment from ABCNews. But in a blog post on Firesheep, he said the program exploits a security flaw related to browser cookies. When a user signs into a website with a username and password, the server searches for an account that matches the information.

Once the server finds the matching account, it sends the user a cookie that the Web browser uses for the rest of the online session. Nevertheless, Firesheep, and sidejacking in general, is still a serious security threat if you happen to be using open or unprotected Wi-Fi. Here are a few basic things you can do to protect yourself when using public Wi-Fi. This piece of software basically creates a secure tunnel for your data that runs between the Wi-Fi router and your computer.

This means Firesheep will not be able to steal any data passing between your computer and the router since all communications will be encrypted. This extension forces certain Websites to use a secure SSL connection for your entire browsing session instead of just the login. Strict Transport Security STS is a relatively new security feature that is starting to appear in some browsers.

Once you start using STS, you will not be able to use an insecure connection ever again when connecting to a specific site such as Facebook or Amazon. Be aware that STS is still relatively new, and may not be available for all browsers. Websites have a responsibility to protect the people who depend on their services.

They've been ignoring this responsibility for too long, and it's time for everyone to demand a more secure web. My hope is that Firesheep will help the users win. Although many websites give lip service about how important their users' privacy and security is to them, very few have their entire site encrypted with HTTPS.

Most sites encrypt the username and password during the login process, but most of those sites stop encrypting and protecting the user right there. As soon as a user moves on to a regular HTTP page on the site, an attacker can sniff and capture the user's cookie information.

Many, however, pointed out that the most secure route is to set up a VPN virtual private network for whenever you access the Internet using unsecured wireless. Others pointed to an SSH secure shell , which allows the secure transfer of information.