Should we be concerned about Firesheep while using RCI wireless internet?

[chef_christoph]

With the recent emergence of the Firesheep add-on for Firefox, should we be concerned about using the WiFi aboard RCI ships?

 

I've been trying to read everything I can find about this but I am still not sure I completely understand how it works.

 

Are there any techno-wizards on here who know if this is this something we should worry about when using RCI's WiFi?

[FLACRUISER99]

With the recent emergence of the Firesheep add-on for Firefox, should we be concerned about using the WiFi aboard RCI ships?

 

I've been trying to read everything I can find about this but I am still not sure I completely understand how it works.

 

Are there any techno-wizards on here who know if this is this something we should worry about when using RCI's WiFi?

I believe it only a problem on an open connection. RCI connection is secure.(I think)

[bmarchal]

Come on, is this a joke or are you guys being serious? FireFOX and FireSHEEP. Are the fox guarding the sheep again?

[Vlad the Impaler]

RCI's wifi connection is not secure, nor can it be -- if it had an encryption key ("wireless password"), they would have to give it to you... aaaand everybody else. There's ways around this but they would make the process of accessing the internet overly complex. Many guests have trouble figuring it out now.

 

Any public internet connection cannot be trusted. Many websites (most e-mail, all financial) use encryption called SSL to protect only their website. You can usually see this by having an icon of a lock or key appear in your browser, and the URL begins with "https://" rather than the usual "http://". This is still not a complete guarantee of safety on a public connection, but it helps.

 

The firesheep addon is used against websites that do NOT have the above mentioned protection, which currently includes Facebook and Twitter. When using these sites on a public connection, other users could spy on your activity, or even hijack your session and "hack your account" by taking it over. This has always been true, but the saving grace is it takes a relatively high level of skill, and most of us with such skill who are on a cruise have much better things to do! Unfortunately the firesheep addon makes it a lot simpler to do, and the risk is going up significantly.

[joetrizeo]

no, you should be concerned about logging in to any type of sensitive account over ANY unsecured wireless network, ever.

 

first of all, these types of attacks have been around for years. firesheep just makes it easier for an average user to do this. threat is not worse, just more probable now.

 

secondly, this does not apply to JUST RCCL.

this applies to ANY AND ALL unsecured wifi connections and devices that use them (computer, tablet pc, ipad, ipod touch, cell phone etc) anything using unsecured wifi (if you don't know if your phone's data is going thru wifi, secured or not, or secured cellular data connection i suggest you study up on your phone.

 

RCL's wireless is unsecured.

 

NEVER log into any sensitive account (email, banking, networks) over an unsecured wireless without HTTPS!

[FLACRUISER99]

no, you should be concerned about logging in to any type of sensitive account over ANY unsecured wireless network, ever.

 

first of all, these types of attacks have been around for years. firesheep just makes it easier for an average user to do this. threat is not worse, just more probable now.

 

secondly, this does not apply to JUST RCCL.

this applies to ANY AND ALL unsecured wifi connections and devices that use them (computer, tablet pc, ipad, ipod touch, cell phone etc) anything using unsecured wifi (if you don't know if your phone's data is going thru wifi, secured or not, or secured cellular data connection i suggest you study up on your phone.

 

RCL's wireless is unsecured.

 

NEVER log into any sensitive account (email, banking, networks) over an unsecured wireless without HTTPS!

Great advice, Thanks.

[Cruiser 4 Life 66]

What is all this about sheep on fire? I'm not some kind of animal rights activist, but I can not condone setting sheep on fire, especially on a cruise ship.

 

*pssst pssst psssst*

 

Ohhhhhhhhhhhhhhhh.

Nevermind

[wcook]

no, you should be concerned about logging in to any type of sensitive account over ANY unsecured wireless network, ever.

 

<snip>

 

NEVER log into any sensitive account (email, banking, networks) over an unsecured wireless without HTTPS!

 

Totally agree. But to the OP's point, I wouldn't worry too much about firesheep. Not sure how many people are paying RCI's per-minute rates just to mess with somebody's facebook page.

[Janet524]

Absolutely you should be worried about fire sheep. First of all, burnt lambchops are terrible and secondly, fire on a ship is the worst case scenario, and finally, do you know how bad burning wool smells!:p

[link99]

Totally agree. But to the OP's point, I wouldn't worry too much about firesheep. Not sure how many people are paying RCI's per-minute rates just to mess with somebody's facebook page.

 

The thing is it works as a side tab in the Browser. Just start it up, and while your checking your email, capture the cookies in fire sheep. Get back home and the real fun can began. With all the live blogging that goes on with those services it's a good bet it would not be hard to do. But at the same time your cookies are out there to for someone else to grab.

 

So when you get back from the cruise and strange stuff starts going on on your social networks........

[link99]

The thing is it works as a side tab in the Browser. Just start it up, and while your checking your email, capture the cookies in fire sheep. Get back home and the real fun can began. With all the live blogging that goes on with those services it's a good bet it would not be hard to do. But at the same time your cookies are out there to for someone else to grab.

 

So when you get back from the cruise and strange stuff starts going on on your social networks........

 

UPDATE

 

A little bit of wrong Info I put on here. You will not be able to use the captured cookies in a session at a later time. But I would BEWARE because once it captures your info from an open Wi-Fi the person just has to click on the Info and they are you right then and there. The Wi-Fi networks are not secure on the ships so keep that in mind.

[Vlad the Impaler]

While it's true the captured cookies are only good for their current session, it's worth noting that the act of capturing/sniffing can be done anytime you're associated with the wifi network -- it is not necessary to be logged in to RCI's internet portal (and have your clock running) for this part. It would be necessary to login to actually use it once captured, though.

 

Hopefully not too many people are able to fork out hundreds or thousands for a cruise, only to fork out some more for the thrill of hijacking random internet accounts... when the same thrill could be had at home, for free, at any wireless hotspot. That said, there is a high population density and last time I was in the internet center about half of the screens had Facebook loaded up... For someone so motivated, skilled, and perhaps with parents paying for internet... it's a goldmine.

 

The internet is growing faster than most people can handle. Anyone who uses it must make a risk assessment. Ask yourself: Is this website secure? (Look for https://)... Is this computer secure? (Good security suite installed, no signs of malware infection)... Is this network secure? (Can anybody but you connect to it? Do you trust them?)... and lastly... Are you confident enough in your own experience to know if there is a problem, and what to do if there is? If you answered "no" to any of those 4, what you're about to do carries elevated risk. If you're logging in from your hotel to feed your neopets, it may be worth the risk. If you're logging into your bank, well... see joetrizeo's comment on that. He summed it up pretty well.

[chef_christoph]

Thanks for all the responses everyone.

 

I was having a bit of a brain block in regards to this whole issue. I was concerned that this could be a problem even on encrypted wireless networks, which apparently isn't the case. So, even if the site itself is not encrypted, if the wireless network is then it isn't a problem even with other people on the same wireless network. The wireless network has to be completely open and unprotected by encryption for Firesheep to be effective.

 

I have always been the type of person who learns best with a hands-on approach so, with this in mind, I downloaded Firesheep and tried to see what it would do on my own wireless network. Of course, since my wireless network is encrypted using WPA2, I couldn't get Firesheep to do anything.

 

At the time, I just thought I was doing something wrong and I wasn't cut out for a life as a hacker :) but then I turned off my network encryption and Firesheep gave access to several sites I was running on my second laptop.

 

The following article written by Chester Wisniewski at Sophos supports my own amateur findings... http://nakedsecurity.sophos.com/2010/11/09/dear-starbucks-the-skinny-on-how-you-can-be-a-security-hero/

 

So, the bottom line seems to be that as long as the wireless networks on RCI's ships are encrypted, even if other people on the ship have the encryption key to be able to gain access to the same network, Firesheep will not do anything.

 

To those of you who are far more knowledgeable at this than I am, does that sound correct?