By Drew Dennis
Your Facebook account is not safe on Olivet’s wireless network. Recently released software just made hacking your online accounts a whole lot easier.
But how easy is it for someone to hack your account? The hacker doesn’t need to be a computer expert or a cyber criminal — any curious person with an Android phone can log into your online accounts while you are connected to the wireless network.
The method that is used to hijack your account is called “sidejacking,” and the app that allows any regular person with an Android phone to do it is called DroidSheep.
“DroidSheep listens to network traffic and gains access to your online accounts. This means people running DroidSheep can use victims’ accounts, gaining access to sites that don’t use a secured and encrypted SSL connection,” according to lifehacker.com.
Essentially, this software allows the hacker to make all the devices on the network think his device is the router, so all login information and other data are routed to this device instead.
The software can sift through the data and allow the hacker to browse sites like Facebook and Twitter logged in under any particular victim’s account.
Most users connected to the wireless network are vulnerable to this type of attack. But there is a way to protect yourself.
Software like DroidSheep cannot exploit your account if the site you are logged into uses a secure connection. You can tell if a particular site has a secure connection by looking for “https” in the beginning of your browser’s address bar, as opposed to the standard “http.”
Many sites simply do not offer a secure connection option for your account, so you are always vulnerable when you are connected to the wireless network, unless the IT Department patches this issue.
Both Facebook and Twitter do not use a secure connection for your login by default, but you can enable it in your account settings to protect your account from being hijacked.
To enable secure browsing on both your Facebook and Twitter accounts, follow the provided instructional diagram.
You may be asking, “Why isn’t a secure connection enabled by default on these websites?”
The main reason a site wouldn’t have secure browsing enabled is because of the resources required to provide the extra encryption.
You can also send a note to the creators of Facebook and Twitter to make them aware of your concern regarding this security hole.
This type of security threat may be blocked on Olivet’s wireless network. You can contact the IT Department by browsing to http://it.olivet.edu/form/page/contact-us and filling out the form to let the department know this security issue concerns you.
Hackers are at work every day to point out loopholes in software security.
No matter what type of account you are using, always make sure you have the best security features enabled for that account. You never know when someone could steal your private information with the touch of a button.
How to browse securely on Facebook
Go into “Account Settings” by clicking the drop-down arrow in the top right corner of Facebook’s homepage.
Select the “Security” tab on the left of the screen. The first option will be “Secure Browsing” and will read, “Secure browsing is currently disabled” unless you have already set up secure browsing.
Click the “Edit” link on the right-hand side of the page to change your browsing settings.
Check the box labeled “Browse Facebook on a secure connection (https) when possible,” and save your changes.
Drew Dennis is majoring in computer science and is president of the Computer Science Club at Olivet. He can be reached at firstname.lastname@example.org.