Firesheep Sidejacking Privacy Alert


Firesheep Can Hack Your Social Media Accounts

What’s it take to hack your Facebook account, Twitter, or blog?

Not much.

Eric Butler has developed a tool that shows you exactly how vulnerable you are to having your accounts hacked by anyone using Firefox as a web browser and Butler’s new Firesheep plugin.

Known as “sidejacking” (a type of hijacking), here’s how it works…

You’re logged into your Facebook account at an unsecured WiFi location (like your local coffee shop). Someone with Firesheep installed is using the same WiFi.

Firesheep steals your Facebook user cookie and lets the “sidejacker” access your account as if he is actually you. This means posting on your account, changing your profile and passwords, sending messages to your Facebook friends, etc.
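For site operators, the exposure described above comes down to login cookies that cross the network unencrypted. The following added example (not from Firesheep or this post; the site name and cookie values are constructed) flags cookies in HTTP responses that someone on the same open WiFi could read.

```python
# Added example: constructed data, hypothetical function names throughout.
from urllib.parse import urlsplit

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attrs)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), value, attrs

def exposed_cookies(responses):
    """Return (host, cookie name, reason) for cookies visible in cleartext."""
    findings = []
    for url, headers in responses:
        target = urlsplit(url)
        for header in headers:
            name, _value, attrs = parse_set_cookie(header)
            if not name:
                continue
            if target.scheme != "https":
                reason = "set over plain HTTP"
            elif "secure" not in attrs:
                reason = "no Secure attribute: also sent on http:// requests"
            else:
                continue  # HTTPS response and Secure cookie: not readable on the wire
            findings.append((target.hostname, name, reason))
    return findings

# Constructed sample responses (example.test is a placeholder site).
SAMPLE = [
    ("https://example.test/login", ["session=abc123; Path=/; HttpOnly"]),
    ("https://example.test/login", ["csrf=zzz; Path=/; Secure; SameSite=Lax"]),
    ("http://example.test/home", ["prefs=dark; Path=/"]),
    ("https://example.test/account", ["auth=def456; Path=/; secure; HttpOnly"]),
]

if __name__ == "__main__":
    for host, name, reason in exposed_cookies(SAMPLE):
        print(f"{host}: {name}: {reason}")
```

A cookie that appears in this report is the kind a sidejacker can capture; one served only over HTTPS with the Secure attribute is not.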

What Accounts Can Firesheep Access?

This isn’t picking on Facebook. The plugin was set up by default to work on many popular social media sites. Here are just a few of the default accounts the plugin can access.

  • Facebook
  • Twitter
  • Google
  • Yahoo
  • WordPress
  • Amazon
  • Dropbox
  • Bit.ly

And because it is open source, the plugin can be customized for sidejacking other sites too.

I do NOT recommend that you install the tool to sidejack into other people’s accounts at unsecured WiFi locations. That would be illegal.

However, if you want to see exactly how easy it is to steal your identity online, here’s where you can find the Firesheep plugin.

Be sure to scroll down to the bottom of the page and read Butler’s blog posts about Firesheep.

Protection Against Firesheep

What’s the solution? I’m now using virtual private networking (VPN) when out and about at unsecured WiFi locations.

Certified Computer Security Professional Tom Brownsword recommends installing the new BlackSheep Firefox plugin to counteract Firesheep.


Website Attorney: Beware of the website evercookie

It’s an affiliate marketer’s dream and a website user’s privacy nightmare.

HTML5, the next gen in HTML, apparently lets coders create the “evercookie.” This cookie places data in at least 10 places on your computer and doesn’t get deleted simply by using the “delete cookies” function of your Web browser.

The potential for abuse of HTML5 evercookies makes Google’s DoubleClick DART cookie tracking for interest-based advertising look harmless by comparison. In fact, you could consider this new cookie as blurring the line between “cookie” and “spyware.” Talk with your Website attorney before using evercookies.

If you’re marketing as an affiliate, the evercookie would increase your chances of making a commission from those you refer to a product or service. On the other hand, if you’re the one having the evercookie downloaded on to your computer, there’s potential to track all of your website viewing habits and worse without your knowledge or consent.

One thing is clear. If evercookies are legal, you’ll still want to clearly disclose to your website visitors how you’re using them on your site and what type of information you’re collecting with them.

At a minimum, you’ll want to have your Website attorney do this for you in your website privacy policy.

To your online success!

-Mike the Website attorney

P.S. Be sure to get your free copy of the Website Owner Privacy Report.


Gmail Privacy: Are You Giving Away Your Business Plans to Google?

When you go to an Internet marketing event, you don’t run around the room telling all your potential competitors your new business ideas and trade secrets. And if you find spyware on a computer filled with your business documents, you don’t leave it there to harvest your confidential information.

Why not?

Because you want to implement your plans before someone else does.

Yet the odds are good that you’re telling Google your business plans and other confidential information on a daily basis. And if you believe Google’s informal “Don’t be evil” motto, then perhaps your trust is well-placed.

But are you willing to take the risk?

Here’s an example…

I recently sent an e-mail to one of my Gmail accounts from my law firm as a test. The e-mail described a nonexistent “Project X” as being important, potentially the “next Google,” and the need to get a patent right away to protect intellectual property rights.

Checking the message in the Gmail inbox, I was hit with a bunch of sidebar ads by attorneys including patent lawyers.

Think about that for a moment.

If Google is willing to sniff through your e-mail to target advertising, what is it willing to do when it comes to your business ideas that you’re communicating back and forth daily by e-mail?

Note that I’m not picking on Google. The same could be said of Yahoo! and others. Google just happens to be a very good example because major Internet marketers prefer to use it because of ease and functionality. However, this convenience comes at a price…the privacy of your business plans.

If you develop a better widget, understand that your e-mail communications are not private. And when it comes to Gmail, know that the content is being actively scanned for keywords…at least for advertising. Perhaps more. Who knows? Maybe your widget plans will become Google Widget 1.0. If so, good luck trying to collect royalties.

On a lighter note, check out this related humor video regarding Google and privacy.

