http://www.dailyexaminer.com.au/stor...et-scam-crime/

Computer hackers surf new program

MOST people have heard the term “a wolf in sheep’s clothing”. However,
this old expression may need to be changed to a “hacker in sheep’s
clothing” due to a sneaky new program called Firesheep, which allows
hackers easy access to information on computers logged on to unsecured
wireless networks.

Firesheep is a downloadable plug-in application for internet browsers
which allows users to scan for unsecured wireless networks and steal
“cookies” – files automatically stored on computers using the network
which can contain automatic log-in information for some websites.

Websites such as Facebook, Twitter and some web mail services like
hotmail allow users the option to automatically log-in to their
accounts when they navigate to their pages, which creates a cookie
file on their computer with their log-in information.

If Firesheep users get a hold of these cookie files, it can allow them
to log-in in to the victim’s account and view information. It also
grants them the freedom to make any changes they like, such as status
updates or sending emails and messages.

Computer Troubleshooters North Coast owner Tony Hattam said
downloading the plug-in and taking over someone’s account on an
unsecured network was a relatively easy process and warned people to
take precautions.

“It’s certainly quite insidious,” Mr Hattam said.

“Thankfully, it can’t track your username and password details, but
it’s certainly the easiest way I’ve seen to take advantage of
someone’s unsecured wireless connection.”

Mr Hattam said unprotected wireless networks were vulnerable to the
process and once a hacker had gained access to a computer on the
network, they could then view and copy these cookies files to various
web accounts at their leisure.

Fortunately, sites such as bank websites which requested a password
every time the user logged-on were safe from Firesheep attacks, but
hackers could still potentially cause havoc and embarrassment by
hijacking people’s Twitter, Facebook or web mail accounts.

According to Mr Hattam, the Firesheep program had been downloaded more
than 129,000 times in the day after it was released so there were a
huge number of potential hackers just waiting for an opportunity.

Mr Hattam said this, combined with the fact that many people were
unintentionally running unsecured networks, gave potential Firesheep
hackers a buffet of different targets to choose from.

He said the best way to thwart potential “sheepers” was to make sure
any wireless networks were secured and password-protected and to avoid
logging on to an unsecured public network.

“Setting up a password or securing your broadband connection is very
easy to do,” Mr Hattam said.

“Even things like the free wi-fi at McDonald’s can leave your computer
at risk from programs like Firesheep.”

He said a secure wireless network had to often be manually set up by
the user and encouraged anyone wanting to establish a new network or
secure their existing one to thoroughly read any documentation which
came with the equipment.

Mr Hattam also said to run any software which originally came bundled
with the equipment because this often walked users through the process
of securing their wireless network.