While security is a big issue for the HPC community, it is not something we normally cover here because it is outside my area of expertise. But as a service to our readers, I thought it important to tell you about a new hack called Firesheep and how to protect yourself. The implications are serious; if you surf at Starbucks or any other public Wi-Fi network without a password, you need to start using a VPN. Period. If you don’t have access to a VPN through your employer, read the full article or jump to the end of this post for some pointers.
Think browsing the web at Starbucks is safe? Think again.
A wildly popular new bit of malicious code called Firesheep is making the rounds among script kiddies and black-hat hackers; it allows them to access the cookies of any user on a non-password-protected wireless network. Once the ne’er-do-well in question is on the same public network as you, he or she can save and use your cookies to access your accounts (e-mail, Facebook and many other types of accounts, as well) through a point-and-click graphic interface.
The practice is known as session hijacking; if you’d like more information on how the code works, check out this post on Firesheep’s technical details.
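As an added illustration (not part of the original post or the article it quotes): a session cookie is readable on an open network when it travels without TLS, so it helps to check which cookies a login response leaves exposed. The sketch below audits constructed `Set-Cookie` headers; the hostnames, cookie names and values are made-up sample data.

```python
# Added example: flag cookies that would cross an open Wi-Fi network in cleartext.
# All URLs, cookie names and values below are constructed sample data.

SAMPLE_RESPONSES = [
    ("http://mail.example.test/login", [
        "SESSIONID=abc123; Path=/; HttpOnly",
    ]),
    ("https://social.example.test/login", [
        "auth=def456; Path=/; Secure; HttpOnly",
        "prefs=lang-en; Path=/",
    ]),
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, set of lowercase attribute names)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def exposed_cookies(responses):
    """Return (url, cookie, reason) for cookies a passive listener could read."""
    findings = []
    for url, headers in responses:
        over_tls = url.lower().startswith("https://")
        for header in headers:
            name, attrs = parse_set_cookie(header)
            if not over_tls:
                # The response itself is unencrypted, so the cookie is visible as set.
                findings.append((url, name, "set over plain HTTP"))
            elif "secure" not in attrs:
                # Without Secure, the browser may attach it to later http:// requests.
                findings.append((url, name, "no Secure attribute"))
    return findings


if __name__ == "__main__":
    for url, name, reason in exposed_cookies(SAMPLE_RESPONSES):
        print(f"{name:10} {url:36} {reason}")
```

A VPN or SSH tunnel protects the traffic on the local wireless hop regardless of how the site sets its cookies, which is why the post recommends one.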
So how do you get yourself on VPN? There are a lot of free solutions for Windows and Linux, but I had a heck of a time getting something Free as in Beer working on a Mac. I finally found Hotspot Shield, which is cross-platform and is easy to set up for mere mortals. I should note that it puts ads at the top of your browser window on occasion, but at least you can dismiss them. You can also install extensions like this that make the ads go away forever.
Update: A small Mac OS X utility called Sheepsafe is available to keep you safe from Firesheep. Also, reader gwk points us to this ad hoc method of using ssh as a SOCKS proxy on Mac OS X.
I’m sure the security experts out there will tell you that surfing at Starbucks was never safe, but Firesheep makes it easy for nearly anyone to hack you. And as they used to say on Hill Street Blues, “Let’s be careful out there!”
While it's not hard to set up a proxy using OpenVPN on a Mac, there is also a more ad hoc method:
http://mikeash.com/ssh_socks.html