Wednesday, March 23, 2011

Wifi Networks and Facebook weaknesses / Firesheep

FireSheep, the tool that allows the capture of a number of social networking sessions around you in an unsecured network like... An open WIFI network at the train station, aeroport or coffee shop.
A couple of researchers have compiled a few scripts to create the tool 'FireSheep', this can allow a remote user connected to a wifi access point to capture a social networking 'session' that a person is having on the same wifi point. And take it over by a single click. This tool was demonstrated at the ToorCon Hacking Conference in San Diego on Sunday.

The tool can effectively control the applications Facebook, Twitter and IGoogle. FireSheep gets in through the lack of transaction security for the many social networks.

As always though, wifi is always going to be a security issue, since everything through a single point (although encrypted) is broadcast to anyone who cares to listen> Or sniff rather.

Firesheep works on unencrypted wireless LAN connections with services that do not use the secure HTTPS.

This problem has been know for some time now and isn't anything new. The point is now the Two researchers have released their program for the general public. This problem will require social networking sites to  revamp their session transfer information stuff...

Most people that are already aware of this problem but still need the use of social networking tools for unsecured wifi, create a V.P.N. at their home and can then, through their home computer, create for themselves a secure session.


More details: Kaspersky's Threatpost


23 comments:

  1. This comment has been removed by the author.

    ReplyDelete
  2. it turns out that firesheep hasn't really done anything but make hijacking a one click process.

    you've been able to do this since wifi

    Firesheep is just exposing the huge gaping flaw in raw open text files containing your web session lol

    at least the problem is being addressed by big companies now

    ReplyDelete
  3. I am constantly maintaining a VPN nowadays...

    ReplyDelete
  4. Firesheep just made it easier for the average user to access sessions. I'm glad they showed how easy it was but I wouldn't have unleashed it upon the world, oh well.

    ReplyDelete
  5. What Slamcakes said.
    The problem isn't the tools available, it's the people misusing them.

    ReplyDelete
  6. Thank you for advices, i will secure my wi fi better.

    ReplyDelete
  7. That makes me worry...better not use open-wifi-connections

    ReplyDelete
  8. old news but thanks for the heads up

    ReplyDelete
  9. Kind scary. Not just this, but everything about facebook.

    ReplyDelete
  10. haha its privacy is overrated anyways :P

    ReplyDelete
  11. very interesting, thanks for sharing

    ReplyDelete
  12. Really coo, thanks for showing, + following

    ReplyDelete
  13. Hmm I'd better do something about mine now! FOllowing for more usefull information.

    ReplyDelete
  14. wow this is actually very scary.

    ReplyDelete
  15. That plugin no longer works! It was just a "theoretical" extension to show the vulnerabilities of these sites, and it did work (very well), but it was never fully developed, thank god.

    ReplyDelete
  16. Very cool sir! Thanks for the tips!

    ReplyDelete