Hide your wi-fi

Run and tell the campus community that Firesheep is hacking everybody out there

By Maroon Editorial Board

That always-hilarious prank where you change your friend’s Facebook profile to reflect a sudden interest in Ke$ha and the collected works of Danielle Steele just got much, much easier to pull off.

That’s thanks to Firesheep, a recently released plug-in for Firefox and something you ought to know about, if you don’t already. Firesheep, which is freely available online, allows anyone to connect to an open wireless network—like UChicago’s—look for other users connected to websites like Facebook, Twitter, and Tumblr, and then log in to one of those websites using another person’s profile. Open Firesheep in the Reynolds Club, Cobb, or your Global Warming lecture, and at least a half dozen Facebook profiles will be yours to browse and edit as you see fit.

The tech-savvy will point out that hacks of this sort have been possible for years, and while that’s true, the accessibility of Firesheep has fundamentally altered the nature of the threat. Now anyone who knows about the plug-in can commandeer your personal accounts in a matter of moments and, after the media hubbub that accompanied Firesheep’s release in late October, an awful lot of people know about it.

The danger posed by the plug-in is compounded tenfold by how accustomed our generation has become to storing deeply private information online. Firesheep allows almost unfettered access to your archive of Facebook messages, your private blog posts, private Flickr photos, and much else besides. Someone erasing Kazaam from your favorite movies on Facebook may be annoying, but if the wrong person goes snooping through your old messages, the results could be socially and emotionally catastrophic.

Hopefully, the websites that are vulnerable to Firesheep will close their security holes in coming years; IT Services is rolling out a new form of wireless that prevents the exploit, but until then, the risks of using websites like Facebook on open wireless networks should be made clearer. Something as easy as a flier campaign around campus, for example, would alert users to the existence of hacks like Firesheep. A notice posted on the UChicago wireless login page, or a campus-wide e-mail, would also get the word out.

Past that, the responsibility lies with website users to guard their information. There are now plug-ins available which guard against Firesheep and make surfing in public more secure. Those are good deterrents, but the larger lesson is that it is unwise to let your private information linger online. For those of us without the technical know-how to predict the next security breach, there’s no telling when the information we store—even in the safest-seeming corners of cyberspace —could be compromised. When we blindly assume our information is safe and sound behind a username and password, we may as well be playing with fire.

The Maroon Editorial Board consists of the Editor-in-Chief and Viewpoints Editors..