Wheredidthetigergo - Web Design & Web Development

Vulnerability of open wireless networks

Screenshot of Firefox extension

A developer has released a browser extension which illustrates vulnerability of open wireless networks

Whilst most people are often concerned with issues relating to Facebook's privacy policy, a new Firefox extension has been released which shows the vulnerability of all unsecured HTTP websites, including popular sites like Facebook, Twitter, Basecamp and Google, especially using open wireless networks.

To use the Firefox extension, you simply connect to an open wireless network, wait for someone else to login to an unsecured site (recognised by the extension), click on their image, and you have access to full access to this account.

This works using something called "HTTP Session Hijacking" (aka Sidejacking) - most websites use sessions to identify that you have logged in. Details of these sessions are transmitted and are stored on your computer as a cookie. Across HTTP sites and on open wireless networks, these cookies are essentially shouted about for anyone to pick up on.

Websites where every page is protected by a secure certificate, an SSL certificate (a yellow padlock), do not have this vulnerability as the cookie is encrypted.

As a user, you can protect yourself by avoiding using sites that requires a login on open wireless networks, or by using a secure VPN connection.

As a website owner - if your site requires a login and does not have an SSL certificate, you will likely have a similar vulnerability, although the level of risk is significantly less depending on the number of visitors and their geographic location. As a matter of course, Wheredidthetigergo protects critical functionality (such as changing passwords and account email address) by re-authenticating the current user.

Perhaps more of a concern are administration functions, for example modifying the content on your website. Whilst your account is unlikely to be compromised by a chance attack, the ease of use of this Firefox extension means that you could be subject to specific targeted attacks (for example if you regularly use an open wifi connection in the same cofffee shop), and you are strongly recommended to either avoid accessing your website on an open wifi connection or on a public computer, or purchasing an SSL certificate to protect critical functions - prices start from £135 + VAT per year.

If you have any queries or concerns regarding this - please get in touch, and we can talk you through how this threat relates to your website.

Our Charity Promise

Read our promise to charities & voluntary/community groups, and find out what we can do to help your organisation.

READ MORE

TIGER CONTACT

Find out more about simple, low cost email marketing

SUPPORT

Login to our support portal to manage your website's support tickets

(Help! I don't know what to enter here!)

Wheredidthetigergo is situated between Northampton and Milton Keynes.

We provide web design and development services locally in Northamptonshire and Buckinghamshire, as well as further afield - we have customers thoughout the country from the South coast, London and as far North as Middlesbrough.

Professional Indemnity

Professional Indemnity
provided via Simply Business

Public Liability : £2,000,000
Professional Indemnity : £250,000

View our policy details