Firefox add-on allows easy hacking

By on November 1, 2010
submit to reddit

Firefox add-on allows easy hacking of Facebook, Twitter and Flickr.

Tags:

A new Firefox add-on could allow even the most inexperienced of hackers to tap into your Facebook or email accounts via an unsecured public Wi-Fi network.

Dubbed ”Firesheep”, the add-on takes advantage of a technique known as ”HTTP session hijacking”, also known as “sidejacking”. Using Firesheep is as simple as installing the add-on, connecting to an open WiFi network, opening a sidebar and clicking a button.

As soon as another user on the network visits an insecure website, their details appear in the sidebar. Just a double-click later, and the Firesheep user is logged in as someone else, and free to do as they please.

Vulnerable sites include Facebook, Flickr and Twitter.

The trick, according to Firesheep creator Eric Butler, lies in cookies, small files stored on users’ computers by most websites and used to store a bevy of information ranging from usernames and passwords to shopping cart contents. On an open WiFi network, cookies are sent ”in the clear” or without any kind of protection, allowing add-ons like Firesheep to grab them and impersonate other users.

In a statement on his website, Mr Butler said he created the add-on in the hope that website owners would take their users’ security more seriously.

”Websites have a responsibility to protect the people who depend on their services. They’ve been ignoring this responsibility for too long, and it’s time for everyone to demand a more secure web. My hope is that Firesheep will help the users win,” he said.

He said the only way to prevent the kind of attack leveraged by Firesheep is end-to-end encryption, though one enterprising student from Iceland has created FireShepherd, a Windows-only program that floods a wireless network with packets, preventing Firesheep from working.

Facebook has indicated they hope to offer encryption to users in coming months, while Twitter and Flickr did not respond to emails requesting comment.

Source: http://www.neowin.net


Comments
Most Read
Most Commented
Competitions
Win two Toshiba AT200 tablets

This festive season Toshiba has 2 tablets to giveaway.

Win an MSI FM2-A85XA-G65 Motherboard

Thanks to MSI we have an great AMD FM2 motherboard to giveaway.

Win a Nokia Asha 311

Thanks to Nokia we have a great entry-level smartphone to giveaway.