Do you roam with your laptop? Do you use hotspots or guest wireless networks? If you answered yes to both of these questions, then you need to read this. I know what you’re thinking: Another security issue I have to worry about? Everything I’ve done to keep my computer safe still isn’t good enough?
As Firesheep downloads kept on increasing – and surely a lot of Facebook accounts were indeed compromised – Facebook responded by tightening its security settings and offering an option under Account Security like this:
What Facebook did was to SSL-secure their users’ browsing (or at least provided them an option to do so).
Widget jacking is a logical evolution of the way Firesheep hijacked Facebook users. While Facebook was able to respond with security upgrades on its own website, it has no control over the code on other owners' websites, such as sites that embed “Likes” links. Those links are embedded lines of code called widgets. Those widgets have never been secured with SSL, making users vulnerable once again to potential hijacking over the airwaves.
We are using Facebook as an ongoing example here, but the weakness is there for all social media widgets, including Twitter, Pinterest, YouTube, etc. Even our own blog includes such widgets.
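Site owners can check their own pages for widgets that load without SSL. The following audit script is an added example, not part of the original post; the page URL and widget host names in it are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attributes through which a page pulls in third-party widget code or frames.
EMBED_ATTRS = {"script": "src", "iframe": "src", "img": "src", "link": "href"}

class WidgetAudit(HTMLParser):
    """Collect third-party embeds that would load without SSL."""

    def __init__(self, page_url):
        super().__init__()
        self.page = urlparse(page_url)
        self.findings = []  # (tag, url, reason)

    def handle_starttag(self, tag, attrs):
        attr = EMBED_ATTRS.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if not url:
            return
        target = urlparse(url)
        if not target.netloc or target.netloc == self.page.netloc:
            return  # relative or same-site resource, not a third-party widget
        if target.scheme == "http":
            self.findings.append((tag, url, "plain HTTP"))
        elif target.scheme == "" and self.page.scheme == "http":
            # //host/path inherits the scheme of the embedding page
            self.findings.append((tag, url, "inherits HTTP from page"))

def audit(page_url, html):
    """Return the embeds on one page that a hotspot eavesdropper could read."""
    parser = WidgetAudit(page_url)
    parser.feed(html)
    return parser.findings

# Constructed sample page; the widget hosts are placeholders.
SAMPLE = """
<html><body>
<script src="http://widgets.social.example/like.js"></script>
<iframe src="//share.social.example/button"></iframe>
<script src="https://secure.social.example/follow.js"></script>
<img src="/images/logo.png">
</body></html>
"""

if __name__ == "__main__":
    for tag, url, reason in audit("http://blog.example/post", SAMPLE):
        print(f"<{tag}> {url}: {reason}")
```

Protocol-relative embeds (`//host/...`) are flagged only when the embedding page itself is served over HTTP, because they follow the page's scheme.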
The good news is that you can protect yourself from widget jacking very easily by following these steps:
- From your laptop’s browser visit www.disconnect.me
- Click on the Get Disconnect button that looks like this:
- Follow the on-screen instructions and restart your browser
The above browser extension is free and available for Firefox, Chrome and Safari. Your public hotspot visits are now safe from social media widget jacking! Enjoy.