BEWARE of Firefox addon FIRESHEEP!


Hubby's company sent out emails from the security dept.

On Sunday October 24th a “security vulnerability demonstration tool” was released to the public by a well-intentioned security researcher.

The aim was to demonstrate how trivial it is to hijack a user's web browser session when using shared public WiFi – for example, Starbucks.


The utility created for the purpose of the demonstration is beyond simple. It requires no experience at all, allowing any average Joe to become an accomplished and extremely malicious hacker in a matter of minutes, permitting them to log in as you with a single click.


The name of the utility is “FireSheep” and it has been downloaded 450,000 times since Sunday. There are already widespread reports of it being used for malicious purposes ranging from simple identity theft to bank fraud.


Some of the websites directly targeted by this utility include:








This vulnerability has ALWAYS been present with unsecured public WiFi; FireSheep only makes it worse by simplifying the attack vector.


Absolutely NO form of AntiVirus or [local] firewall can protect against this. It is a flaw inherent to wired and wireless networks.

The only thing which mitigates this attack is full SSL encryption beyond the initial user authentication, and this is generally not something you have control over.


As a general rule, don’t trust any networks with sensitive information which are open to the public and do not require a password.

If you have a phone which supports tethering and you are on a data-plan which permits doing so, use that instead of the public WiFi.


For more information see ISC:SANS & PCWORLD
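
Added example, not part of the original email: a small check a site operator could run to see why "SSL beyond the initial user authentication" matters. It assumes the session is carried in a cookie; the site name `social.example`, the cookie values and the URL list are constructed sample data.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample data; social.example is a placeholder site.
LOGIN_URL = "https://social.example/login"
LOGIN_SET_COOKIE = [
    "session=abc123; Path=/; HttpOnly",        # session cookie without Secure
    "csrf=def456; Path=/; Secure; HttpOnly",   # Secure: only sent over HTTPS
]
POST_LOGIN_URLS = [
    "https://social.example/login/done",
    "http://social.example/home",
    "http://social.example/static/logo.png",
    "http://cdn.example/banner.png",           # other host: cookie not sent
]

def parse_set_cookie(headers):
    """Map cookie name -> {'secure': bool, 'path': str} from Set-Cookie values."""
    cookies = {}
    for header in headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            cookies[name] = {"secure": bool(morsel["secure"]),
                             "path": morsel["path"] or "/"}
    return cookies

def cleartext_exposures(login_url, set_cookie_headers, urls):
    """Return (url, cookie_name) pairs where a cookie crosses the network unencrypted."""
    host = urlsplit(login_url).hostname
    cookies = parse_set_cookie(set_cookie_headers)
    exposed = []
    for url in urls:
        parts = urlsplit(url)
        # Host-only cookies go back to the host that set them; HTTPS is encrypted.
        if parts.hostname != host or parts.scheme != "http":
            continue
        path = parts.path or "/"
        for name, attrs in cookies.items():
            # Simplified path match (prefix only), enough for this sample.
            if not attrs["secure"] and path.startswith(attrs["path"]):
                exposed.append((url, name))
    return exposed

if __name__ == "__main__":
    for url, name in cleartext_exposures(LOGIN_URL, LOGIN_SET_COOKIE, POST_LOGIN_URLS):
        print(f"cleartext: {name} sent with {url}")
```

Even though the login itself used HTTPS, the session cookie is reported for both plain-HTTP page loads; adding the `Secure` attribute and serving every page over HTTPS empties the list.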

