Wednesday, June 15, 2011

Hide Your IP: If You Don't, No One Else Will

If you hide your IP address, you can prevent unauthorized usage of your account, but should you have to? When the Firesheep plug-in was recently created, the plug-in's ease of use and feature-set made it a very good tool for vulnerability testing by security professionals. Unfortunately, it also enabled novice users of the Firefox web browser to become amateur hackers in just a few minutes.

Commonly, websites will encrypt the password information, but not the cookie that you receive when you enter it. Once a hacker has discovered your password and ID they can also access the rest of your information for that website, since the cookie is not encrypted. The Firesheep plug-in allows you to capture the ID and password of anyone locally when using websites that are playing loose with their security measures and design. The only way to be certain that you are protecting your information (especially in public hotspots) is to hide your IP and encrypt your data by using a VPN service. That places most of the security responsibility squarely on the shoulders of the public. It would be rather like walking into a bank, depositing money, and then having them tell you, "Ok. Now go stand outside and guard the door."

Just like any tool, computers and the software on them can be used for both good and nefarious purposes. The newest tools can quickly reveal vulnerabilities in supposedly secure online websites that process your personal information. The nature of online security is that all vulnerabilities can never be found with certainty, which means that it's always a 'best practice' to encrypt your information and hide your IP.