URL: http://www.dailytarheel.com/index.php/article/2010/11/firesheep_software_makes_it_easier_to_hack_into_social_networking_websites
Current Date: Thu, 24 May 2012 02:25:07 -0400
Students accessing social networking websites on public wireless networks at the University could become vulnerable to computer hacking.
Eric Butler, a freelance web application and software developer in Seattle, made it easier for hackers to get information by creating a program called Firesheep, an add-on for the Mozilla Firefox web browser that can hack into social networking websites.
The program can only be installed on Firefox, but it can hack into websites on different browsers.
Firesheep targets social media websites, such as Facebook and Twitter, to highlight risks associated with those websites, said Stan Waddell, a spokesman and information security officer for Information Technology Services at the University.
While hacking with Firesheep is easier than with other programs, several events have to align for hacking to take place, said Brian Payst, director of technology and systems support.
“Someone has to be on the same network, at the same place and at the same time to be able to access your information,” Payst said.
He said that when people log into a website, a cookie — or text file — saves information about the visit, and Firesheep finds that information.
Waddell said that anyone using the same wireless access point, such as in a library or a residence hall, can access information from other people’s computers with the program.
“It has nothing to do with UNC computers and Internet,” Waddell said. “It has everything to do with the lack of security of social media sites.”
The use of Firesheep software by students, faculty members or staff at the University is against the Acceptable Use Policy and the Honor Code, Waddell said.
Although it is hard to identify the user, there are tools that could potentially identify associated programs that come with downloading the program, he said.
“I’m not particularly worried yet because I don’t know of that many people who use it on campus,” said junior Srikar Bongu.
“However, there is potential for mischief.”
Bongu said he heard about Firesheep on a blog he reads regularly, called Engadget.
Waddell said students should be careful where they choose to view confidential information online.
He added that there are two main ways to make sure your information is protected.
One is logging into social media websites on a wired network. The other is making sure the web address is safe by typing “https://” instead of “http://,” which works with some websites, such as Gmail and Facebook.
Waddell said the latter step encrypts the website, making authorization a requirement for viewers. It is easier to read information from non-encrypted websites, he added.
Facebook encrypts the username and password, but they become non-encrypted soon thereafter.
Max Beckman-Harned, a senior and computer science major, heard about Firesheep on Twitter. He then called ITS to find out more about the program.
“It’s a very easy exploit for cookie hijacking,” Beckman-Harned said. “It’s easy for people to pretend to be other people.”
He said the program is different from other hijacking programs because it is easier to use and does not require specialized knowledge.
Despite its ease of use, Beckman-Harned said he’s not overly worried about the program.
“It’s not keeping me up at night,” he said.
Contact the University Editor at udesk@unc.edu.