canadian_banner

      Wi-Fi Browser Tool Allows Users to Spy

      Jun 07, 2011
      A new Wi-Fi Internet browser tool allows users to spy on other users’ browsing habits. According to an article in The Vancouver Sun, the Wi-Fi snooping tool Firesheep has drawn attention to security holes, leaving little privacy to online interactions. The snooping tool works with the Firefox browser, and The Vancouver Sun is warning that this causes insecure web surfing and leaves users’ accounts open to hijacking.

      A new Wi-Fi Internet browser tool allows users to spy on other users’ browsing habits. According to an article in The Vancouver Sun, the Wi-Fi snooping tool Firesheep has drawn attention to security holes, leaving little privacy to online interactions. The snooping tool works with the Firefox browser, and The Vancouver Sun is warning that this causes insecure web surfing and leaves users’ accounts open to hijacking.

      The article stated that Kris Constable, director of the Victoria-based PrivaSecTech, which specializes in information security and privacy technology, said the release of the Firefox extension Firesheep is both good and bad in that it draws attention to security issues, but people could be using it to become online snoops.

      “There is nothing technically new with this,” Constable said. “The only thing this has done has made it prettier and more accessible. And the media attention has made it more known,” he continued.

      After the release of Firesheep, the tool was downloaded 129,000 times in one day. “Having such downloads on your computer isn’t illegal, but using them could put you on the wrong side of the law,” said Peter Roberts, a lawyer with Lawson Lundell LLP.

      “Providing you have the right licenses there is nothing wrong with buying a firearm,” Roberts said. “It is what you do with it.”

      Roberts noted that it also depends on the nature of the information. “If you are intercepting publicly available information on publicly available websites there is nothing wrong with that,” said Roberts. “It is when you start intercepting private information.”

      The article noted that Roberts also warned that accessing and downloading someone’s private information could potentially be considered theft, a criminal offense, and it could give rise to a civil claim of breaching privacy.

      According to the article, Firesheep concentrates on the “cookies” that are used for authentication by websites while you are logged in for a session. For many websites, the information in those cookies is not encrypted. If the cookies are not encrypted while you’re on a social networking site like Facebook, it can allow an electronic snooper to get into your social networking profile.

      The article noted that Eric Butler, the Seattle freelance software developer who released the extension for Firefox, revealed in his blog that he did so to highlight the security issues and put pressure on websites to use end-to-end encryption, which shows up in a web address as “https.”

      “The real story here is not the success of Firesheep, but the fact that something like that is even possible,” Butler wrote in his blog, codebutler.

      The Vancouver Sun pointed out that with this software, the victim of a Wi-Fi snoop could also be potentially liable for exposing information if he or she is using data that would be covered by the Freedom of Information and Protection of Privacy Act while being snooped on. The article also pointed out that victims may find it difficult to go after their online attackers.
       
      “There are two problems, how do you figure out who they are and can they pay at the end of the day,” Roberts explained.

       This monthly advisory contains brief summaries of recent legislative and regulatory issues that may affect the management of records and information in Canada.

       Want to sign up to receive an e-mail version of the Canadian Policy Brief? It's free! Just tell us a little about yourself and you'll receive a monthly dose of the latest in legislation, regulation, and more.

       

       

        © 2016, ARMA International