Nerds On Site

Easily protect yourself from widget jacking

Do you roam with your laptop? Do you use hotspots or guest wireless networks? If you answered yes to both of these questions, then you need to read this. I know what you\’re thinking: Another security issue I have to worry about? Everything I\’ve done to keep my computer safe still isn\’t good enough?
Not so long ago that we learned of Firesheep, a Firefox extension that easily hijacks strangers\’ Facebook accounts who are on the same wireless network as the attacker, like at a coffee shop offering free WiFi. While the creation of Firesheep created a good deal of controversy, nobody argues that it brought necessary security awareness to users of websites and providers alike. With the rapid growth and adoption of smartphones, tablets and the continued growth of notebooks in public areas, we all need to be aware of associated security risks with taking your digital exchanges to the public airwaves.
As Firesheep downloads kept on increasing – and surely a lot of Facebook accounts were indeed compromised – Facebook responded by tightening the security settings and offered an option under Account Security like this:
What Facebook did was to SSL-secure their users\’ browsing (or at least provided them an option to do so).
Widget jacking is a logical evolution of the way Firesheep hijacked Facebook users. While Facebook was able to respond with security upgrades on its own website, they have no control of the code behind other website owners such as websites that embed \”Likes\” links. Those links are embedded lines of code called Widgets. Those widgets have never been secured with SSL, making users vulnerable once again to potential hijacking over the airwaves.
We are using Facebook as an ongoing example here, but the weakness is there for all social media widgets including Twitter, Pinterest, Youtube, etc. Even our own blog includes such widgets.

The good news is that you can protect yourself from widget jacking very easily by following these steps:

  1. From your laptop\’s browser visit
  2. Click on the Get Disconnect button that looks like this:
  3. Follow the on-screen instructions and restart your browser

The above browser extension is free and available to Firefox, Chrome and Safari. Your public hotspot visits are now safe from social media widget jacking! Enjoy.

Leave a Comment

Your email address will not be published.

Scroll to Top