I wanted to take a break from the regular “moving box” talk and share a brief tech-tip with you this week!
With more followers then the now infamous Charlie Sheen, Ashton Kutcher is one of twitters biggest celebrities. Unfortunately for him, even his 6 million followers couldn’t keep poor Ashton from getting punk’d himself and falling victim to a security loophole that could effect you as well. As you can see from the picture above, Ashton’s twitter was hijacked a few months back and this rouge tweet was posted to his account.
So how did it happen?
More likely then not, someone on the same wireless network was using an easily accessible and free firefox extension called firesheep to obtain Ashton’s login credentials by accessing the unsecured cookie’s on his computer.
… ok, so whats a cookie?
When you login to a website like Facebook or Twitter something called cookie is transferred to your machine, this is a token that grants you access back to the same website so you don’t have to continually log in every time you return to the site. The standard is that the login process is secured, however, on some websites including Twitter and Facebook, the information stored in this cookie is not.
How can you protect yourself?
Thankfully, many websites such as Gmail use a security protocol called SSL to prevent this from happening. Unfortunately not all websites have adopted these same security procedures, in the mean-time the best thing you can do to is install some kind of protection such as BlackSheep, Firesheperd, or HTTPS Everywhere.
For more information about firesheep check out these links:
What is Firesheep? (a more detailed explenation)