By Tim Koby '11
Wireless networking at Princeton was never that great to begin with. Slow speeds, dropped connections, and weak signals have kept me tied to my Ethernet cord in my dorm. But what if you are in class and receive a really important email? Or want to check your Facebook in the moments before class begins? It may come as a shock to some people, but you’re exposing your login sessions to everyone in the room.
What does this mean exactly? No, they don’t get your password and can’t log in after you log out. But while you’re logged in, anyone on the same network can steal your “cookie,” a piece of information that flies unencrypted over our networks and lets sites know that you’ve already logged in. Once the hacker has that, they have full access to your account.
But isn’t Facebook secure? Gmail? Blackboard? Yes and no. They encrypt your login information, but once you log in, the content is delivered without encryption. So while people can’t directly get your password, access is just a click away.
This has always been a problem with the networks. The problem has become especially relevant after the release of a Firefox extension, Firesheep, which requires no technical knowledge of Internet security. Just press start and wait for someone to log in. In seconds, you can be reading the love letter that the guy on the other side of the room just got from his girlfriend.
Of course, use of this program is against the code of conduct for our Internet use at the university, so no one should be using it. However, we know that this doesn’t stop all illicit activity, and since this snooping is pretty much untraceable, it’s not a stretch to assume it will be used.
To protect yourself, the easiest way is to plug into Ethernet when possible. This is an almost completely secure way of accessing these sites. But when wireless is necessary, you’re pretty much out of luck until either a) websites start encrypting their cookies and content in addition to logins or b) OIT secures our network. In my humble opinion, we shouldn’t wait for all websites to do this. OIT can make our network much more secure by establishing an 802.1X server to let us log into the wireless network with our netID and password. This is a mild inconvenience, but worth it for the security it gives us.
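What option (a) looks like from the website's side, as an added example that is not part of the original article: the login response should mark its session cookie `Secure` and keep the user on HTTPS afterward, and the check below flags a response that does not. The header values and the `social.example` host are constructed for illustration.

```python
# Added example: audit a login response for cookies that would later travel
# over plain HTTP. All header values below are constructed sample data.
from urllib.parse import urlsplit


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, set of lowercase attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_login_response(headers):
    """Return findings for a response given as a list of (header, value) pairs."""
    findings = []
    for header, value in headers:
        h = header.lower()
        if h == "set-cookie":
            name, attrs = parse_set_cookie(value)
            if "secure" not in attrs:
                # Without Secure the browser also attaches the cookie to
                # http:// requests, where anyone on the same Wi-Fi can read it.
                findings.append(f"cookie {name!r} lacks Secure")
        elif h == "location" and urlsplit(value).scheme == "http":
            # The login was encrypted, but the user is sent back to plain HTTP.
            findings.append(f"redirect to unencrypted page {value}")
    return findings


# Constructed responses: a site that encrypts only the login, and a fixed one.
LOGIN_ONLY_TLS = [
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/; Secure"),
    ("Location", "http://social.example/home"),
]
ALWAYS_TLS = [
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly; Secure"),
    ("Location", "https://social.example/home"),
]

if __name__ == "__main__":
    for label, resp in (("login-only TLS", LOGIN_ONLY_TLS), ("always TLS", ALWAYS_TLS)):
        print(label, "->", audit_login_response(resp) or "no findings")
```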