Want to know how you could use Firesheep to help your SEO efforts? Read on, but please take this caveat: The following is a purely hypothetical situation and should not be put into practice as it could – and probably would – land you in the proverbial if you got caught. Also, I know this has the potential to draw some flames from people stating that this “is already do-able through other means”… but I’m merely highlighting a newer, easier way.
The conference season is well upon us. I went to one three weeks ago, missed one two weeks ago and am currently missing one, and that’s just within the iGaming industry (my industry of choice). Let’s not forget the recent Manchester Mini SEO Conf, SEOktoberfest, G2E that’s about to happen in Vegas, BlueGlassFL which is currently running; the list goes on and on and on.
“Portable Wifi Hotspot”
My new phone (an HTC Desire running Android 2.2 Froyo, which, incidentally, is a lovely little phone) comes with something called “Portable WiFi Hotspot”. This allows you to share your 3G, HSDPA or other mobile internet connection with, say, your laptop, by transforming the phone into a wireless access point. You can also do this by tethering the laptop through your phone using the USB cable, that’s not what we’re concentrating on here. You can limit access to the hotspot, secure it, restrict MAC addresses, but again, we don’t want to do that!
Firesheep hit the tech headlines in the last fortnight after being announced at Toorcon12 (a hacker conference). Firesheep is a plugin for FireFox which sniffs out traffic on open wireless networks (and WEP secured networks for that matter) and allows the “attacker” to take control of other WiFi users’ accounts on a number of popular websites. It was produced by a software developer named Eric Butler who was becoming increasingly frustrated by the number of mainstream, popular websites showing a distinct lack of “responsibility to protect the people who depend on their services.” Butler continues, “they’ve [websites such as Facebook] been ignoring this responsibility for too long, and it’s time for everyone to demand a more secure web. My hope is that Firesheep will help the users win.”
Butler was instantly flamed due to the fact he had opened up the gateway for people to abuse security flaws – which, I might add, anyone with some reasonable tech-savvy-ness could have done before FireSheep – in a far more readily fashion. A few clicks of a button whilst connected to an open wireless network (in Starbucks for example) and the “attacker” could take control of anyone elses Facebook profile (again, for example) who is currently connected to that same network.
Some Blackhat SEO
To bring this post to a conclusion then, having spoken about 3 reasonably random things. There are other security credentials that Firesheep picks up by default, including the ever popular WordPress (hello, someone elses affiliate site). Did I mention it will also log access to Google accounts (hello, Gmail), Yahoo! accounts and MSN/Windows Live accounts (hello, YMail and Hotmail)?
So my question is thus: Would you continue to jump onto any freely available wireless hotspot whilst attending a conference to quickly check your Facebook profile if you knew it could be my HTC which is acting as the “CONFWIFI – ATTENDEES ONLY” hotspot? Would you even be thinking about the consequences when you just checked you analytics stats for a second? Are your affiliate site login or FTP details saved as a Google Doc or Gmail draft? And would it already be too late for you to notice that I or anyone else had changed some of your affiliate links to my own, or have 301’d your site to mine?
Like I said, this is all hypothetical, but certainly something people should be aware of. Be careful on public wifi networks or even publicly available computers (I recently used the ones at BAC, but did everything through a secure LogMeIn connection to my computer at home), use secured connections where possible and be sure to call your own wireless network something amusing: