Skip to main content

Firefox addon Firesheep lets you hack into Twitter, Facebook and more!

Connecting to an unsecured public Wi-Fi network is always taking a chance, but now it has become even more frightfully insecure. A new Firefox addon called Firesheep makes it simple for anybody to gain access to your online accounts if you are connected through an unsecured wireless network.

Firesheep is designed to hijack login sessions belonging to 26 online services including the popular ones like Facebook, Foursquare, Google, Twitter, Amazon, and Yahoo. Basically it is a packet sniffing tool that can grab login information of any of the supported services of anybody connected to a wireless network.

This is not a new thing, but Firesheep makes it possible for anybody to become a hacker. During the first 24 hours of release, Firesheep is reported to have been downloaded over 100,000 times.

firesheep

The extension has been scaring users across the Internet for the last couple of days. It has made some people anxious about using public Wi-Fi networks, where this attack could easily be carried out by anyone. But the real issue here isn't public Wi-Fi, but the need for encryption to protect users.

Eric Butler, the author of Firesheep wrote:

This is a widely known problem that has been talked about to death, yet very popular websites continue to fail at protecting their users. The only effective fix for this problem is full end-to-end encryption, known on the web as HTTPS or SSL. Facebook is constantly rolling out new "privacy" features in an endless attempt to quell the screams of unhappy users, but what's the point when someone can just take over an account entirely? Twitter forced all third party developers to use OAuth then immediately released (and promoted) a new version of their insecure website. When it comes to user privacy, SSL is the elephant in the room.

The immediate solution is to force your browser to connect using HTTPS wherever possible. Several browser extensions exist that does this. HTTPS Everywhere and Force-TLS for Firefox and KB SSL Enforcer for Chrome, to name a few.

Websites have a responsibility to protect the people who depend on their services. They've been ignoring this responsibility for too long, and it's time for everyone to demand a more secure web. My hope is that Firesheep will help the users win.

Comments

  1. I've done a bit of research into this whole topic, it's isn't as easy as many people want to make you think it is to use firesheep. For instance, 1. you need to be able to use winpcap, winpcap is annoying and very temperamental program to add to windows. 2. you need to have drivers patched for 'monitor mode' in windows. To even get these drivers you need to make your own dll files, which isn't easy. and to make things even more fun, which would make this easier to use, linux isn't supported, now if linux was supported then this would be much easier to launch an attack.

    on the whole, a lot of nattering over something that will need a programmer to get to work, but if a programmer wanted to do something like this then they already have...

    Too much hype over nothing special

    ReplyDelete

Post a Comment

Popular posts from this blog

69 alternatives to the default Facebook profile picture

If you have changed the default Facebook profile picture and uploaded your own, it’s fine. But if not, then why not replace that boring picture of the guy with a wisp of hair sticking out of his head with something different and funny?

How to Record CPU and Memory Usage Over Time in Windows?

Whenever the computer is lagging or some application is taking too long to respond, we usually fire up task manager and look under the Performance tab or under Processes to check on processor utilization or the amount of free memory available. The task manager is ideal for real-time analysis of CPU and memory utilization. It even displays a short history of CPU utilization in the form of a graph. You get a small time-window, about 30 seconds or so, depending on how large the viewing area is.

How to Schedule Changes to Your Facebook Page Cover Photo

Facebook’s current layout, the so called Timeline, features a prominent, large cover photo that some people are using in a lot of different creative ways. Timeline is also available for Facebook Pages that people can use to promote their website or business or event. Although you can change the cover photo as often as you like, it’s meant to be static – something which you design and leave it for at least a few weeks or months like a redesigned website. However, there are times when you may want to change the cover photo frequently and periodically to match event dates or some special promotion that you are running or plan to run. So, here is how you can do that.