The ongoing failure of websites to protect their visitors will force users to take up the security slack themselves.
Dallas, TX (PRWEB) July 16, 2013
idcloak releases a web based proxy security tool for those frequently connecting to the internet over WiFi networks outside their home. The service delivers quick-access web encryption that protects against a new breed of free apps which open side-doors into webmail and social media accounts.
idcloak’s Robin Welles warns that these apps – Droidsheep, Firesheep or Faceniff – are a real and present threat in all public WiFi zones.
“These sidejacking programs have fallen into widespread use primarily because of their popularity among script kiddies – young hackers learning the trade. Because the youngsters can run Droidsheep and Firesheep on their mobile devices, they can attack users of public wireless hotspots without drawing attention to their activity.”
Welles believes this software is doubtless used for more serious criminal activity as well, “Social media and webmail accounts provide an excellent source of identity data for cyberthieves. Basically, nobody knows who else uses these hacking apps or for what reasons.”
Webmail and social media providers have responded to the growing threat by encrypting entire sessions, rather than just initial login. But the developers of the hacking apps countered this move by introducing new capabilities in their software which allow it to capture login cookies even over an HTTPS session.
Proxies like that released by idcloak are one of the few technologies that can prevent attacks from Droidsheep, Firesheep or Facebook. “The SSL and encrypt URL features of the proxy, when combined, deny the router any sign that a web account is being accessed. The proxy therefore undermines the hacking software’s ARP spoofing mechanism.”
Welles predicts that the ongoing failure of websites to protect their visitors will force users to take up the security slack themselves. idcloak’s SSL VPN system, due for September release, is a software-based service which the firm says will deliver ongoing high-level encryption precisely to meet this need.
Written by Gill-Chris Welles