There has been a lot of buzz this past week about the appearance of Firesheep, a simple tool that allows anyone to hijack access to various web sites on public networks. The sites that turn out to be particularly vulnerable are the social media sites such as Facebook, Twitter, or LinkedIn. While many people sound the alarm about this tool that makes identity theft child’s play, Eric Butler, the creator of Firesheep, has defended his creation as a way to alert the world to the perils of social media.
Eric is right. Firesheep didn’t introduce a new security breach. It merely exposes an issue that has been around for years: these sites authenticate you over an encrypted login page and then send your session cookie over plain, unencrypted HTTP, where anyone on the same network can read it and reuse it. The social media sites have to take responsibility for their users’ security and make sure the traffic is encrypted for the entire session so that hijacking is not possible. After all, my bank’s site uses SSL for the entire session – why can’t Facebook do it?
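Encrypting the whole session only helps if the session cookie is also marked so the browser never sends it over plain HTTP. The following is an added example, not code from the original post, that audits a site's Set-Cookie headers for the flags that close the Firesheep gap; the sample headers are constructed, and the list of session-like cookie names is an assumption.

```python
"""Audit Set-Cookie headers for the cookie flags that stop sidejacking."""
from http.cookies import SimpleCookie

# Constructed examples: a weak header and its corrected form.
WEAK_HEADER = "sessionid=abc123; Path=/; HttpOnly"
FIXED_HEADER = "sessionid=abc123; Path=/; Secure; HttpOnly"

# Assumed name fragments that usually mark a session/login cookie.
SESSION_HINTS = ("sess", "sid", "auth", "token", "login")


def looks_like_session(name: str) -> bool:
    """Heuristic: does this cookie name look like a session identifier?"""
    return any(hint in name.lower() for hint in SESSION_HINTS)


def audit_set_cookie(header_value: str) -> dict:
    """Return {cookie_name: [problems]} for one Set-Cookie header value."""
    jar = SimpleCookie()
    jar.load(header_value)
    findings = {}
    for name, morsel in jar.items():
        problems = []
        # Without Secure, the browser also sends the cookie over plain HTTP,
        # which is exactly the traffic Firesheep reads on a shared network.
        if not morsel["secure"]:
            problems.append("missing Secure")
        # HttpOnly keeps the cookie out of reach of injected page scripts.
        if not morsel["httponly"]:
            problems.append("missing HttpOnly")
        if problems:
            findings[name] = problems
    return findings


def sidejackable(header_value: str) -> bool:
    """True if a session-looking cookie in this header would travel over HTTP."""
    jar = SimpleCookie()
    jar.load(header_value)
    return any(looks_like_session(n) and not m["secure"] for n, m in jar.items())


if __name__ == "__main__":
    for label, header in (("weak", WEAK_HEADER), ("fixed", FIXED_HEADER)):
        print(label, audit_set_cookie(header), "sidejackable:", sidejackable(header))
```

Run it against a real site's response headers (for example from `curl -I`) to see whether the session cookie would survive a coffee-shop network.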
The ultimate issue, however, is the users themselves. Any information posted on a social media site such as Facebook or Twitter has to be considered public. Facebook has 500,000,000 users – that sounds pretty public to me. Once you have a couple hundred friends, you cannot consider anything you share with them private or confidential. And you need to be really careful about what you post on Facebook.
Social engineering is a simple hacking technique that uses information posted on social media to gain unlawful access to your private data. The idea is very simple. Your bank and other highly secure sites use your personal information to facilitate automatic password retrieval: your mother’s maiden name, the name of your pet, or the name of the high school you went to. Knowing such tidbits of your personal life is often sufficient to retrieve your password and gain access to your private data. And if you share such information on Facebook, you are making it far too easy for the social engineers.
The solution is simple. Don’t ever share any information that could be used to retrieve your password or to compromise your security or your privacy. And don’t consider your Facebook friends a trustworthy group of responsible individuals. There are many articles, such as this one, that help you decide what to share and what not to share. Be particularly careful about any personal information that identifies you unambiguously, such as your e-mail address, home address, or phone number. Such information is a bonanza for hackers. And finally, beware of what others post about you – they may unwittingly disclose such compromising information about you.
All this precaution may still not be enough to prevent your Facebook account from being hacked. The result of such misfortune could be embarrassment or impropriety, possibly very serious. But being careful with your personal data will protect you from possible financial ruin or identity theft. And that’s a pretty good reason to be careful.
And try out Firesheep on your local Starbucks Wi-Fi network. Once you have, you will think differently about your online privacy.
Image: Scene from the movie The Lives of Others, with the late Ulrich Mühe as an East German Stasi captain spying on his target.