Firesheep Firefox Add-On Hijacks Twitter, Facebook Over Wi-Fi

Discussion in 'Computers & IT' started by mikedt, Oct 31, 2010.

  1. mikedt

    Firesheep Firefox Add-On Hijacks Twitter, Facebook Over Wi-Fi | News & Opinion | PCMag.com

    "If you didn't already know that plain HTTP sessions are utterly insecure, here's proof: A new Firefox addin named Firesheep captures sessions on open Wi-Fi networks and goes one step more sinister. It finds users logged into Facebook, Twitter, Google, Amazon, Dropbox, Evernote, Wordpress, Flickr, bit.ly and more, and lets you take over their sessions and become them."

    It's been known for a long time that session cookies can be sniffed from open and WEP-secured WiFi. But in the past it was always a bit of a hack. This IMO is a game changer as it makes it so easy for anyone to do and get into another person's Facebook, Twitter, Yahoo!, etc.

    I've also found it works with wired Ethernet, as found in hotels. As long as one can sniff Ethernet packets, Firesheep will work. Solution is to always have an HTTPS connection, VPN or secure proxy.
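
Added example, not part of the original thread: a Python check of which cookies a browser would attach to a plain-HTTP request, which is the exposure the post above describes and the reason HTTPS is the fix. The Set-Cookie headers, host names and cookie names are constructed for illustration, and the matching rules are a simplified form of standard cookie domain and path matching.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed Set-Cookie headers (hypothetical sites and cookie names).
SAMPLE_SET_COOKIE = [
    "session_id=abc123; Domain=social.example; Path=/; HttpOnly",
    "auth_token=def456; Domain=mail.example; Path=/; Secure; HttpOnly",
    "prefs=compact; Domain=social.example; Path=/settings",
]

def parse_cookies(headers):
    """Parse Set-Cookie header values into dicts of name, domain, path, secure."""
    jar = []
    for header in headers:
        for name, morsel in SimpleCookie(header).items():
            jar.append({
                "name": name,
                "domain": morsel["domain"].lstrip(".").lower(),
                "path": morsel["path"] or "/",
                "secure": bool(morsel["secure"]),
            })
    return jar

def domain_matches(host, domain):
    """Cookie domain matching: exact host or any subdomain of it."""
    return host == domain or host.endswith("." + domain)

def path_matches(request_path, cookie_path):
    """Cookie path matching on whole path segments."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"

def cleartext_cookies(jar, url):
    """Names of cookies a browser would attach, unencrypted, to a request for url."""
    parts = urlsplit(url)
    if parts.scheme != "http":
        return []  # HTTPS requests are encrypted in transit
    host, path = parts.hostname.lower(), parts.path or "/"
    return [c["name"] for c in jar
            if not c["secure"]
            and domain_matches(host, c["domain"])
            and path_matches(path, c["path"])]

if __name__ == "__main__":
    jar = parse_cookies(SAMPLE_SET_COOKIE)
    for url in ("http://social.example/widgets/like.js",
                "http://mail.example/inbox", "https://social.example/"):
        print(url, "->", cleartext_cookies(jar, url))
```

Any name this returns for an `http://` URL is readable by anyone who can capture the traffic; a cookie marked `Secure` is only ever sent over HTTPS.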
     


  2. SoulTerror

    Hhmm, gonna check it out.
     
  3. mikedt

    I would actually like to see an Android application which can do what Firesheep does. One could really have some fun with this at airports, railway stations, Starbucks, etc.
     
  4. SoulTerror

    Trying it on an open wireless connection right now, but not picking anything up yet.
     
  5. SoulTerror

    I just logged onto a forum and it for some reason pulled up my Gmail account in Firesheep.
     
  6. ArthurIhde

    I am checking your link, thanks.
     
  7. SoulTerror

    It's scary how easily this works. Went to Engadget and it pulled up my Facebook information.
     
