This article is from the archives of the UB Reporter.
News

UB’s secure wireless protects identities

  • “This little app makes it really, really easy to see what other people are doing while on an unsecured WI-FI connection.”

    Rick Lesniak
    IT Communication and Policy Officer
By SUE WUETCHER
Published: November 18, 2010

You’ve got a few minutes before you have to teach your next class, so you settle down on a bench in the Student Union and pull out your laptop. Time to check Facebook to see if your daughter has posted any new photos of your new grandchild.

Little do you know that someone nearby has the new Firesheep extension for Firefox installed on his laptop. Firesheep allows its users to easily snoop on computers connected to unprotected wireless networks. Networks like UB_Wireless and the free WI-FI available at places like Barnes & Noble and Starbucks.

But connecting to UB_Secure, the university’s encrypted wireless network, can prevent such session hijacking, commonly known as “sidejacking,” on campus, UB IT staff say.

Rick Lesniak, IT communication and policy officer, says the recent release of Firesheep “has created a huge stir in the information technology community.”

“This little app makes it really, really easy to see what other people are doing while on an unsecured WI-FI connection,” Lesniak says. “It makes snooping on computers connected to unprotected wireless access points simple, and facilitates identity theft by hijacking session cookies to non-encrypted sites like Facebook and Twitter.”

Firesheep takes advantage of the fact that while most websites protect users’ passwords by encrypting the initial login, they, for the most part, fail to encrypt anything else. This leaves the cookie—and the user—vulnerable to sidejacking.

“The Firesheep extension is a simple tool that looks for Web sessions on an unprotected access point, and then snoops the non-protected cookies on those computers,” he says.

“So if you authenticate to Facebook, for example, with their username and password, which is stored in a non-protected cookie on your computer, a bad guy can snoop on the unsecured access point to see your cookie, copy it and assume your identity on Facebook,” Lesniak explains, pointing out that “the stakes get higher when UB people have private or confidential data on their devices.”

UB_Secure, UB’s secure wireless network, “will encrypt your initial login and your entire session. This means you will be outside the reach of sidejackers,” he says, urging members of the UB community to adopt UB_Secure as their mode of wireless and avoid any open connections, such as UB_Wireless.

Instructions for installing UB_Secure on laptops and popular handheld devices can be found on the UBIT website.