Firesheep Firefox Add-On Hijacks Twitter, Facebook Over Wi-Fi


Last Updated:

  1. mikedt

    mikedt 你好 Guide This Topic's Starter

    Joined:
    Sep 22, 2010
    Messages:
    19,361
    Likes Received:
    9,712
    Firesheep Firefox Add-On Hijacks Twitter, Facebook Over Wi-Fi | News & Opinion | PCMag.com

    "If you didn't already know that plain HTTP sessions are utterly insecure, here's proof: A new Firefox addin named Firesheep captures sessions on open Wi-Fi networks and goes one step more sinister. It finds users logged into Facebook, Twitter, Google, Amazon, Dropbox, Evernote, Wordpress, Flickr, bit.ly and more, and lets you take over their sessions and become them."

    It's been known for a long time that session cookies can be sniffed from open and WEP secured WiFi. But in the past it was always a bit of a hack. This IMO is a game changer as it makes it so easy for anyone to do and get into another person's Facebook, Twitter, Yahoo!, etc.

    I've also found it works with wired Ethernet. as found in hotels. As long as one can sniff Ethernet packets, Firesheep will work. Solution is to always have an HTTPS connection, VPN or secure proxy.
     

    Advertisement
  2. SoulTerror

    SoulTerror Well-Known Member

    Joined:
    Feb 18, 2010
    Messages:
    724
    Likes Received:
    48
    Hhmm, gonna check it out.
     
  3. mikedt

    mikedt 你好 Guide This Topic's Starter

    Joined:
    Sep 22, 2010
    Messages:
    19,361
    Likes Received:
    9,712
    I would actually like to see an Android application which can do what Firesheep does. One could really have some fun with this at airports, railway stations, Starbucks, etc.
     
  4. SoulTerror

    SoulTerror Well-Known Member

    Joined:
    Feb 18, 2010
    Messages:
    724
    Likes Received:
    48
    Trying it on an open wireless connection right now, but not picking anything up yet.
     
  5. SoulTerror

    SoulTerror Well-Known Member

    Joined:
    Feb 18, 2010
    Messages:
    724
    Likes Received:
    48
    I just logged onto a forum and it for some reason pulled up my gmail account in Firesheep.
     
  6. ArthurIhde

    ArthurIhde Well-Known Member

    Joined:
    Sep 30, 2010
    Messages:
    202
    Likes Received:
    4
    i am checking your link thanks [​IMG]
     
  7. SoulTerror

    SoulTerror Well-Known Member

    Joined:
    Feb 18, 2010
    Messages:
    724
    Likes Received:
    48
    It's scary at how easy this works. Went to Engadget and it pulled up my Facebook information.
     

Share This Page

Loading...