Clarification: Deb Howell said students should not be alarmed by the Firefox extension, and no cases of login information being stolen through Firesheep at Ball State have been reported. Instead Howell said no cases of login information being stolen through Firesheep at Ball State has been reported. It was reported Howell asked students to call UTS, but instead she asks them to contact Facebook or Twitter.
Students are warned to keep information secure because a new browser application could compromise privacy.
Firesheep, a Mozilla Firefox extension designed by Eric Butler, a freelance software developer, takes advantage of a security flaw that plagues many websites including Facebook and Twitter.
Firesheep works by essentially hijacking a browser cookie, which is a piece of text stored by a Web browser that can include login info. Many websites encrypt the first login through a secure HTTP but revert to a normal unsecured status afterward. In a Wi-Fi network, this leaves these browser cookies up for grabs by anyone with the right software to sniff them out.
"Websites have a responsibility to protect the people who depend on their services," Butler said in his blog entry explaining the purpose of his creation. "They've been ignoring this responsibility for too long, and [it's] time for everyone to demand a more secure web. My hope is that Firesheep will help the users win."
In short, Firesheep compiles a list of nearby users, steals their cookies and "feeds" them to the browser, logging the browser into the target's Facebook, Twitter, e-mail and so on.
Facebook, for example, uses an unsecured HTTP even at initial login, which means people using any program like Firesheep could log in to another user's account at any time.
Unified Technology Support senior systems security communications manager Deb Howell said students should not be alarmed by the Firefox extension and no cases of login information being stolen through Firesheep at Ball State have been reported.
She did mention some of the security measures students can use to secure their personal information.
"If you're a student, you should be using the VPN [virtual private network] that's available at www.bsu.edu/vpn, and any place you're at, you can initiate that [program]," she said.
Other security measures she mentioned included a Firefox extension specifically designed to counteract Firesheep called Blacksheep as well as HTTPS Everywhere.
"Any time you're on the computer, you should protect your information," Howell said. "It doesn't matter if you have privacy settings on Facebook or not. You're not using a secure system. If you're not encrypting your data, they can get that information anyway."
Though username and password issues for non-Ball State websites are not the responsibility of UTS, Howell asks students who think they've been affected by programs such as Firesheep to report the incident for statistical purposed by calling UTS at 765-285-1517.
Read More
Student Government Association Swears In Several New Cabinet Members
By Meghan Braddy / 18 hours agoThe Student Government Association (SGA) hosted its spring inauguration Wednesday afternoon. During the ceremony, several new members of the upcoming administration for the 2024-2025 school year were sworn in.
Ball State’s Center for Survivor Support brings awareness to victim blaming through “What were you wearing?”
By Maya Kim / 18 hours agoThe center teamed up with the Counseling Center and Greek Life to bring awareness to victim blaming through the event.
