Is a secure website really safe?

CHARLOTTE, NC (WBTV) - Savvy Internet users know to look for the "httpS" when performing sensitive Internet transactions. However, a new program called Firesheep highlights a silent threat that could create real issues for you.

It's something called "sidejacking". The word is a mashup of hijacking and sideline. This happens on unsecured Wi-Fi hotspots.

Imagine you are using unsecured Wi-Fi to shop at Amazon and check your Facebook account. A cybercreep could be sitting on the "side", sniffing traffic on the unsecured Wi-Fi network, and that allows them to hijack session cookies.

If they hit you at the right place and the right time, they might be able to see your browsing and sometimes gain enough access to read your Facebook or make their own posts there.

If you are on your home or work Internet connection, you'll be okay. If you are on an unsecured Wi-Fi network, there is a hidden flaw that happens AFTER you login that could leave your sessions wide open to a cybercreep hacking in.

Most websites do a great job when you first login and give you a secure place to login. But we've recently learned that some of the most popular websites do not always provide you with a secure page AFTER log in leaving your session cookie open for people to follow or use.

You are still okay at that point, unless you are using unsecured Wi-Fi and a cybercreep happens to be around.

Just to show how serious this is a new program called Firesheep was created by a developer to show how easy it is to steal information on unsecured Wi-Fi when the person is using the Firefox browser. It allows someone to steal cookies and look at your activities on sites like Facebook.

Firesheep targets 26 popular sites including, Google, Facebook, Twitter and Foursquare. Firesheep highlights problems for Firefox, but this problem exists across all web browsers.


  1. ASK: Ask someone that works there what the legitimate network name is
  2. NON SENSITIVE: Avoid conducting sensitive transactions while on the free Wi-Fi
  3. UPDATED SOFTWARE: Make sure your browser and antivirus software are up to date
  4. TURN OFF AUTOMATIC CONNECTIONS: Turn off automatic wireless connection so you always have to grant permission and you know the name of the network you are connected to.
  5. TURN OFF BLUE TOOTH AND SHARING: If you have sharing or blue tooth enabled on your laptop, turn it off before you connect.
  6. CONFIGURE YOUR BROWSER: You can configure your Internet browser to "HTTPS Everywhere" or "Force TLS Configuration" both provide different options for forcing your session information to be handled via secure pages.
  7. PERSONAL FIREWALL: Consider using a personal firewall. Most newer Macs or Windows computers have this option available.

You can review a demo of how Firesheep works on YouTube:

Copyright 2010 WBTV. All rights reserved.