There has been a bit of a flap recently over a new extension for the Firefox web browser called “Firesheep.” As described on the Firesheep website:
“When logging into a website you usually start by submitting your username and password. The server then checks to see if an account matching this information exists and if so, replies back to you with a “cookie” which is used by your browser for all subsequent requests.
It’s extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable. HTTP session hijacking (sometimes called “sidejacking”) is when an attacker gets a hold of a user’s cookie, allowing them to do anything the user can do on a particular website. On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy.”
Logging into a website without SSL is kind of like requiring a key to get into your house, but then leaving the key in the front door after you go in.
Blinksale has now updated ALL accounts to use SSL, from the time you log in to the time you log out. Many major websites, including Google, have also begun to extend encryption to cover entire website sessions, end-to-end, to protect customer data and identities.
Browse safely out there! Make sure that any time you are interacting with private data, you are doing so using “https://” in the browser’s address bar.