Recently a plugin for Firefox was released that made it easy for everyday internet users to perform session side-jacking attacks. While this is not a new vulnerability, the release of this tool highlighted the need for more knowledge and protection against this type of attack. Here are some quick tips for keeping yourself secure while using public wifi networks (or any network where an untrusted individual may have access).
Clear Your Cookies & Cache
Cookies are small bits of information that websites leave on your computer so they can remember who you are and your preferences. Clearing your browser data is good internet hygiene and is always important, but especially prior to jumping on any public wifi network. Thousands of websites use services like Facebook Connect and Google Friend Connect to access your identity so that you can comment and interact on a personal basis with that website. You may not realize it, but if these cookies are still active on your computer, people and websites could be accessing them without your knowledge when you connect to a public network.
Here’s how to clear your cache and cookies in Internet Explorer
Tools > Internet Options > General > Browsing History > Delete | Then select the temporary internet files option and the cookies option at least. You’ll also probably need to uncheck the Preserve Favorites website data option, as it will most likely consider Facebook and similar sites among your favorites.
Here’s how to clear your cache and cookies in Firefox
Preferences (or Options) > Privacy > clear history | Make sure the cookies and cache boxes are checked at least. Normally you will want the “Everything” time range; then click Clear now.
Here’s how to clear your cache and cookies in Chrome
Click the wrench icon > Tools > Clear browsing data | Then check the boxes for cache, Cookies and other site data, choose the everything time period and click Clear Browsing data.
Watch the https
You might have noticed a lock or key icon when visiting certain websites. This means that your connection to that website is securely encrypted, which makes it nearly impossible for other people to read the data that you and that website are sharing. When you are on a public network this secure connection is critical. Without it anyone on that network could listen in and capture the information flowing between you and the website you’re using. Always make sure that when you enter personal information or log in to a website the address in the address bar says https. When you are on a public network some websites will secure your login information but not all the communication following. Other users of the same network could intercept that information and either read it or use it to impersonate you. To secure yourself you can follow several different steps, some of which can be combined, each offering a different level of security.
Step 1: Set your most commonly used websites to force secure connections whenever you are logged in. For example, Facebook and Gmail allow you to do this.
Step 2: Install the Firefox plugin “HTTPS Everywhere” that forces secure connections on all websites known to support them. This may slow down your browsing experience but is critical if you are on a public network. It’s not something you need to run on your home network.
You can mitigate all connection risks in public by choosing to use a Virtual Private Network (VPN) connection or by using a mobile broadband option. Using a VPN encrypts all of your traffic locally, so anyone watching the local network would be hard pressed to listen in or side-jack a session (you still have to watch out for man-in-the-middle attacks, but these are harder to perform and easier to spot). Using a mobile tethering option, like a MiFi, with wireless encryption enabled is also very secure since you are on a different network than potential side-jackers.
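The case described under "Watch the https", a site that encrypts the login but lets the session cookie travel unencrypted afterwards, is visible in the Set-Cookie headers the site sends: a cookie without the Secure attribute is also sent on plain http requests. The Python script below is an added example, not part of the original article, that flags such cookies; the host names, cookie values and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, lowercase attribute dict)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, _value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        if key:
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs

def exposed_cookies(responses):
    """Return (host, cookie name, reason) for cookies that can cross the
    local network unencrypted, where a side-jacker could copy them."""
    findings = []
    for url, headers in responses:
        parts = urlsplit(url)
        for header in headers:
            name, attrs = parse_set_cookie(header)
            if parts.scheme != "https":
                # The cookie was already visible when it was issued.
                findings.append((parts.hostname, name, "set over plain http"))
            elif "secure" not in attrs:
                # Issued over https, but the browser will also attach it
                # to any later http:// request to the same site.
                findings.append((parts.hostname, name, "no Secure attribute"))
    return findings

# Constructed sample: login responses from three hypothetical sites.
SAMPLE = [
    ("https://social.example/login", ["session=3f9a; Path=/; HttpOnly"]),
    ("https://mail.example/login", ["sid=77c1; Path=/; Secure; HttpOnly"]),
    ("http://forum.example/login", ["auth=ab12; Path=/"]),
]

if __name__ == "__main__":
    for host, name, reason in exposed_cookies(SAMPLE):
        print(f"{host}: cookie '{name}' is exposed ({reason})")
```

Only the second site in the sample keeps its session cookie off unencrypted connections; the other two are the kind of site where forcing https or using a VPN matters most.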