Sunday, October 31, 2010

Firesheep is a Firefox extension that allows Wi-Fi sidejacking

The Firefox extension Firesheep makes it easy to hack into the private accounts of people logged on to open wireless networks. The designer of Firesheep created the extension to prove a point: it shows how easy it is to hack into accounts on sites that use cookies to validate a user after the user name and password have been checked. There are means of protection available, however, in the form of Firefox extensions that add a layer of security to stop Firesheep.

Firesheep can make breaking into websites easy

Firesheep makes it possible to hack into many people's lives. All you have to do is walk into a coffee shop. Firesheep works because when users submit a user name and password to log in, the server replies with a cookie that the browser uses for user authentication going forward. According to Eric Butler, who developed Firesheep, on the open wireless network in that coffee shop, cookies are being shouted through the air. Websites typically encrypt the login to protect users' names and passwords. However, in the interest of expediency, the cookie itself is not protected. That makes it relatively easy to sidejack, that is, to hijack an HTTP session, on a wireless network.

How to use Firesheep

Firesheep is available for Mac OS X and Windows, and it is free. After you have installed Firesheep, a new sidebar appears in your Firefox browser. Go to the coffee shop, connect to its open wireless network, and click the “Start Capturing” button. People who log into Facebook will show up in Firesheep; the same happens for any insecure site. Their name and photo appear in the sidebar. As soon as you double-click on the photo, Firesheep logs into their private account. After that, a sidejacker using Firesheep can do whatever they feel like.

Is there any way to block Firesheep?

There is a way to stop Firesheep. TechCrunch reports that Firesheep works on most social sites. This is because those websites switch back to the HTTP protocol after the encrypted login. Firesheep can only capture cookies sent over HTTP, and HTTPS can be forced with the Firefox extension called “Force-TLS”. The Force-TLS extension lets users change HTTP to HTTPS on websites selected in the Firefox add-on “Preferences” menu. All HTTPS traffic is encrypted, which is why Firesheep cannot read it. Facebook, Twitter and Google all allow HTTPS connections. Most major websites will. Amazon presently does not.
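
The two conditions described above (a session cookie left unprotected after an encrypted login, and a site that drops back to HTTP) can be checked from a site's response headers. This is an added example, not code from Firesheep or Force-TLS; the host social.example, the cookie names and the header values are constructed sample data.

```python
from urllib.parse import urlsplit

def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def audit_response(url, headers):
    """Return (issue, detail) findings for one response.

    headers is a list of (name, value) pairs, so repeated Set-Cookie lines survive.
    """
    findings = []
    over_https = urlsplit(url).scheme.lower() == "https"
    for key, value in headers:
        key = key.lower()
        if key == "set-cookie":
            name, attrs = parse_set_cookie(value)
            if not over_https:
                # The cookie is already visible on the open network when it is issued.
                findings.append(("cookie-set-over-http", name))
            elif "secure" not in attrs:
                # Without Secure the browser replays the cookie on any later http:// request.
                findings.append(("cookie-without-secure", name))
        elif key == "location" and over_https:
            if urlsplit(value).scheme.lower() == "http":
                # Encrypted login followed by a switch back to plaintext.
                findings.append(("https-to-http-redirect", value))
    return findings

# Constructed sample data: a login response that encrypts the password only.
WEAK_LOGIN = ("https://social.example/login", [
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "csrf=xyz789; Path=/; Secure"),
    ("Location", "http://social.example/home"),
])
# Constructed sample data: the same response with the session kept on HTTPS.
HARDENED_LOGIN = ("https://social.example/login", [
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly; Secure"),
    ("Set-Cookie", "csrf=xyz789; Path=/; Secure"),
    ("Location", "https://social.example/home"),
])

if __name__ == "__main__":
    for label, (url, headers) in (("weak", WEAK_LOGIN), ("hardened", HARDENED_LOGIN)):
        print(label, audit_response(url, headers))
```

Site operators can run the same check against their own login responses; an empty result means the session cookie is only ever sent over HTTPS.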

Info from

Code Butler: codebutler.com/firesheep

The Register: theregister.co.uk/2010/10/25/firesheep_cookie_capture_peril/

TechCrunch: techcrunch.com/2010/10/25/firesheep/


