FireSheep, the tool that allows the capture of a number of social networking sessions around you in an unsecured network like... An open WIFI network at the train station, aeroport or coffee shop.
A couple of researchers have compiled a few scripts to create the tool 'FireSheep', this can allow a remote user connected to a wifi access point to capture a social networking 'session' that a person is having on the same wifi point. And take it over by a single click. This tool was demonstrated at the ToorCon Hacking Conference in San Diego on Sunday.
The tool can effectively control the applications Facebook, Twitter and IGoogle. FireSheep gets in through the lack of transaction security for the many social networks.
As always though, wifi is always going to be a security issue, since everything through a single point (although encrypted) is broadcast to anyone who cares to listen> Or sniff rather.
Firesheep works on unencrypted wireless LAN connections with services that do not use the secure HTTPS.
This problem has been know for some time now and isn't anything new. The point is now the Two researchers have released their program for the general public. This problem will require social networking sites to revamp their session transfer information stuff...
Most people that are already aware of this problem but still need the use of social networking tools for unsecured wifi, create a V.P.N. at their home and can then, through their home computer, create for themselves a secure session.
More details: Kaspersky's Threatpost
A couple of researchers have compiled a few scripts to create the tool 'FireSheep', this can allow a remote user connected to a wifi access point to capture a social networking 'session' that a person is having on the same wifi point. And take it over by a single click. This tool was demonstrated at the ToorCon Hacking Conference in San Diego on Sunday.
The tool can effectively control the applications Facebook, Twitter and IGoogle. FireSheep gets in through the lack of transaction security for the many social networks.
As always though, wifi is always going to be a security issue, since everything through a single point (although encrypted) is broadcast to anyone who cares to listen> Or sniff rather.
Firesheep works on unencrypted wireless LAN connections with services that do not use the secure HTTPS.
This problem has been know for some time now and isn't anything new. The point is now the Two researchers have released their program for the general public. This problem will require social networking sites to revamp their session transfer information stuff...
Most people that are already aware of this problem but still need the use of social networking tools for unsecured wifi, create a V.P.N. at their home and can then, through their home computer, create for themselves a secure session.
More details: Kaspersky's Threatpost
This comment has been removed by the author.
ReplyDeleteit turns out that firesheep hasn't really done anything but make hijacking a one click process.
ReplyDeleteyou've been able to do this since wifi
Firesheep is just exposing the huge gaping flaw in raw open text files containing your web session lol
at least the problem is being addressed by big companies now
I am constantly maintaining a VPN nowadays...
ReplyDeleteFiresheep just made it easier for the average user to access sessions. I'm glad they showed how easy it was but I wouldn't have unleashed it upon the world, oh well.
ReplyDeleteI agree Slamcakes.
ReplyDeletewow thats cool.
ReplyDeleteWorrying stuff,
ReplyDeleteWhat Slamcakes said.
ReplyDeleteThe problem isn't the tools available, it's the people misusing them.
Thank you for advices, i will secure my wi fi better.
ReplyDeleteThat makes me worry...better not use open-wifi-connections
ReplyDeletemust get firesheep Thanks!
ReplyDeleteold news but thanks for the heads up
ReplyDeletegood info, thanks
ReplyDeletewow, that is insane!
ReplyDeleteKind scary. Not just this, but everything about facebook.
ReplyDeletehaha its privacy is overrated anyways :P
ReplyDeletevery interesting, thanks for sharing
ReplyDeleteReally coo, thanks for showing, + following
ReplyDeleteHmm I'd better do something about mine now! FOllowing for more usefull information.
ReplyDeletewow this is actually very scary.
ReplyDeletethanks for the advice
ReplyDeleteThat plugin no longer works! It was just a "theoretical" extension to show the vulnerabilities of these sites, and it did work (very well), but it was never fully developed, thank god.
ReplyDeleteVery cool sir! Thanks for the tips!
ReplyDelete