Computer security specialists have issued a warning about Firesheep, a new downloadable add-on to the Firefox browser. If the person in a coffee shop with you has it, they can see exactly what you're doing online.
The feature was reportedly created by a Seattle software developer, whose purpose was to demonstrate how vulnerable unsecured networks are. Unfortunately, he's unleashed a tool that can turn a computer amateur into an accomplished hacker.
With Firesheep, a computer user can log onto a public network, in an airport or coffee shop, and get a list of all the computers that happen to be connected to the network at that moment.
Simply by double-clicking on one of the names, the Firesheep user can access whatever that computer user is doing online. If they are updating their Facebook account, the Firesheep user is also logged in.
Firesheep works by intercepting Internet cookies, which websites place on your computer when you visit so they will recognize you when you return. Professional hackers have had that tool in their arsenal for years. Now, thanks to Firesheep, anybody that as downloaded the add-on can do it.
200,000 downloads and counting
That's the scary part. Over 200,000 people downloaded Firesheep in the first three days, and it's likely to become even more prevalent in the days to come. It's going to make working on an unsecured network a lot more dangerous.
How can you protect yourself? For starters, you can avoid using your computer on public Wi-Fi networks that aren't encrypted. But that makes your computer a lot less useful.
Chet Wisniewski, a senior security advisor at the software security firm Sophos, says the best defense is to employ a Virtual Private Network (VPN) when connecting to Wi-Fi in a public place.
If you work for a large corporation, chances are you are already using a VPN. Many companies provide them for employees to connect to the office network while traveling, as a way to enhance security. It's basically a secure highway to the Internet.
But there are also VPN services available to consumers. There is a cost - as much as $10 a month - but it may be less than the cost of having your computer hijacked while you sip a latte.