SALT LAKE CITY — Public Wi-Fi users, beware.
A relatively new program called Firesheep allows someone on an unsecure Internet connection to access profiles and accounts of others using the same network.
Victims could be at popular Wi-Fi hot spots like coffee shops, cafes, and even fast-food restaurants like McDonalds, where Wi-Fi is free and doesn't require a password.
"I'm probably here at least twice a week,” said Jarold Hines, who was logged into the free Wi-Fi at Paradise Bakery in Sugar House. “I buy and sell a lot on eBay, and so I use PayPal, which is like online banking.”
Hackers using Firesheep in free Wi-Fi spots can easily see who else is using the same Wi-Fi network they are connected to. That information is posted to a hacker's screen. The hacker can then quickly click into any website others on the same network may be using — even if the website requires a password — and access the site as if they were the actual user.
Firesheep is a plug-in for the Firefox browser that makes it very easy for an attacker to intercept information that is passed over an open wireless network,” said Pete Ashdown, the president and founder of XMission, an Internet service provider in Salt Lake City.
Ashdown recommends using only secure networks when dealing with personal information.
“Just because you log into your account doesn’t mean that someone else can log into the account," he said. “It’s that transmission of the password from your laptop or your computer to the destination that needs to pass over secure channels. If it doesn’t, then it’s at risk of being intercepted.”
Ashdown also said there are other plug-ins available that can fight Firesheep and make you aware of who might be looking at your computer connection.
Blacksheep is an example of a plug-in that can notify you if you are at risk of sending your password,” he said. “And it will start showing you the different accounts that people have logged into. Just go to Google and type in "blacksheep."
Even though Firesheep is still new in the Internet world, Ashdown said people in the industry know about it.
“Amazon and most of the big e-commerce sites are pretty well-aware of this problem, and so it’s not as big of a risk there,” Ashdown said. “But if you are buying from a smaller store on the Internet that may not be aware of the problem, stealing a credit card would be a primary risk of being intercepted.”
Websites starting with "https" instead of "http" are a best at keeping your information secure.
Ashdown said Firesheep was actually created to show Internet providers how unsecure personal information is.
“We should all be aware and protect out Social Security numbers, protect information about where we live, because that can all be exploited by somebody that wants to get credit cards,” he said.
Once Wi-Fi users, like Hines, were made aware of Firesheep and the risks of using unsecure networks, they said they’ll be more careful about accessing websites with important personal information on free, public spots.