Sidejacking with Firesheep
Think of all the times you or your users have gone to the restaurant shop, mall, or public gathering place and connected to the "free wireless" network. Hackers at Starbucks who call their fake WAP "Starbucks Wireless Network" or at the SM Megamall call it "SM Free Wi-Fi" have all sorts of people connecting to their computer in minutes. The hackers can then sniff unprotected data from the data streams sent between the unwitting victims and their intended remote hosts. You'd be surprised how much data, even passwords, are still set in clear text. The more nefarious hackers will as their victims to create a new access account to use their WAP. These users will more than likely use a common log-on name or one of their email addresses, along with a password they use elsewhere.
The WAP hacker can then try using the same log-on credentials on popular websites -- Facebook, Twitter, Instagram, and so on -- and the victims will never know how it happened. Lesson: You can't trust public wireless access points. Always protect confidential information sent over a wireless network. Consider using a VPN connection, which protects all your communications, and don't recycle passwords between public and private sites.
