Dangers of Using Firefox Browser on Public Wireless

October 27 2010

Firefox was my favorite browser for years. The tabbed interface and great plug-in tools captured my imagination. By the way – I am also a Mac guy, but that is immaterial for this issue.

My heart sank yesterday when I learned that Firefox had been hacked. It has been my preferred browser because it is nearly impervious to hackers, unlike Microsoft Explorer which is riddled with hundreds of known security breaches.

Some clever programmers built a program called Firesheep that can be installed as an extension in Firefox to take advantage of a widely known flaw in wireless networks. Suffice it to say, if you are using a public WiFi network, do not log into Facebook or Twitter using Firefox. Use another browser. If you do log on using Firefox, it will allow nefarious people to capture your login information. Here is how it happens.

More details for the curious

Many websites use cookies to enhance Internet browsing. Cookies are harmless items that come in two forms – session cookies and stored cookies. Session cookies remember your preferences while you are on a website so you don't get asked for the same information you have already submitted. These cookies get sent to your computer when you access any website.

Here is an example

Open your browser, go to Facebook, log in, then open another tab in your browser and close the Facebook tab. Now open a new tab and go to Facebook again. Notice how you are automatically logged in? That is a session cookie doing its job. It remembers you, and makes your experience using websites and web applications better.

Now, back to the Firesheep issue.

When you log into Facebook, here is what happens between your browser and the Facebook server. The Facebook server sends a cookie to your browser. Firesheep can intercept those cookies on public wireless networks when you are using the Firefox browser. Firefox is the only browser that has this security flaw, and there is a fix!


Perhaps you have noticed that whenever you are banking or entering your credit card into a site, your browser has an address that starts with https:// rather than simple http://. The "s" at the end of HTTPS stands for Security. In other words, the information being sent between the website and your computer is encrypted using gobbledygook that only your computer and the website can decipher with the encryption key in the cookie.

People who are using the Firesheep plugin for Firefox may use that application to snoop for the cookie that Facebook sends to your browser over the open network because it is not sent using the https secure protocol.
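A defender-side check for the condition described above, as an added example that is not part of the original post: it reads a response's Set-Cookie headers and reports which cookies cross the network unencrypted, and whether each is a session or a stored cookie. The hosts, cookie names and values are constructed, and using the standard `Secure` cookie attribute as the test is an assumption of this example.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

def audit_cookies(url, set_cookie_headers):
    """Return one finding per cookie set by a response fetched from `url`."""
    over_https = urlsplit(url).scheme.lower() == "https"
    findings = []
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            secure = bool(morsel["secure"])
            # No Expires/Max-Age: the browser drops it on exit (a session cookie).
            stored = bool(morsel["expires"] or morsel["max-age"])
            if not over_https:
                risk = "sent in cleartext now"
            elif not secure:
                risk = "will also be sent on any later http:// request"
            else:
                risk = None  # only ever travels inside HTTPS
            findings.append({"name": name,
                             "kind": "stored" if stored else "session",
                             "secure": secure,
                             "risk": risk})
    return findings

# Constructed sample responses (hypothetical hosts and values).
SAMPLE = [
    ("http://social.example/home",
     ["session_id=constructed123; Path=/"]),
    ("https://social.example/login",
     ["session_id=constructed123; Path=/; HttpOnly",
      "prefs=lang-en; Max-Age=31536000; Path=/; Secure"]),
    ("https://bank.example/login",
     ["sid=constructed456; Path=/; Secure; HttpOnly"]),
]

if __name__ == "__main__":
    for url, headers in SAMPLE:
        for f in audit_cookies(url, headers):
            status = f["risk"] or "ok"
            print(f"{url}  {f['name']} ({f['kind']}): {status}")
```
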

Firefox, being the cool cat open source community that they are, have a plug-in that makes all of your web browsing secure with a number of major websites, including Facebook and Twitter, and it's free: https://www.eff.org/https-everywhere. Aside from simply using a browser other than Firefox for now, this plug-in will secure your browser. That is a quick fix – and Twitter, Facebook and Firefox are all working on a software update that will prevent this from happening.

Whenever something like this is discovered, the Firefox developer community springs into action. Fixing something like this for the world is what these guys live for. It makes them heroes and legends in the world of computer programming. Be sure you update your Firefox browser often to experience the latest improvements and protections.