CHARLOTTE, NC (WBTV) - Savvy internet users know to look for the "httpS" when performing sensitive internet transactions. However, a new program called FIRESHEEP highlights a silent threat that could create real issues for you.
It's something called "sidejacking". The word is a mashup of hijacking and sideline. This happens on unsecured Wi-Fi hotspots.
Imagine you are using unsecured WiFi to shop at Amazon and check your Facebook account. A cybercreep could be sitting on the "side", sniffing traffic on the unsecured Wi-Fi network, and that allows them to hijack session cookies.
If they hit you at the right place and the right time, they might be able to see your Amazon.com browsing and sometimes gain enough access to read your Facebook or make their own posts there.
If you are on your home or work internet connection, you'll be okay. If you are on an unsecured WiFi network, there is a hidden flaw that happens AFTER you login that could leave your sessions wide open to a cybercreep hacking in.
WBTV's Cyber Expert, Theresa Payton, explains how this works and what you can do to protect yourself.
Most websites do a great job when you first login and give you a secure place to login. But we've recently learned that some of the most popular websites do not always provide you with a secure page AFTER log in leaving your session cookie open for people to follow or use.
You are still okay at that point, unless you are using unsecured WiFi and a cybercreep happens to be around.
Just to show how serious this is, Theresa told us about a new program called, Firesheep. It was created by a developer to show how easy it is to steal information on unsecured wifi when the person is using the Firefox browser. It allows someone to steal cookies and look at your activities on sites like Facebook.
Firesheep targets 26 popular sites – Amazon.com, Google, Facebook, Twitter, Foursquare are among them.
Firesheep highlights problems for Firefox but this problem exists across all web browsers.
Theresa offers TIPS FOR SAFE SURFING ON FREE WIFI:
You can review a demo on how Firesheep works on YouTube: http://www.youtube.com/watch?v=zi2r7oVLUEc