Thursday, October 28, 2010

Firesheep Firefox extension - sidejacking made easy makes a statement

Firesheep is a Firefox extension that captures user names and passwords of anyone using the same open wireless network. Firesheep's creator built the extension to show web users and webmasters how easily personal information can be compromised on open networks. On the bright side, other Firefox extensions are available that combat the effortless "sidejacking" made possible by Firesheep.

Social systems are easy to hack when you have Firesheep

Anyone can walk into a coffee shop and start breaking into others' lives with Firesheep. Only one thing is needed for Firesheep to work. When a user submits a user name and password to log in, the server replies with a cookie that lets the user stay authenticated on later requests. Eric Butler, the man who created Firesheep, said that cookies are all through the air in a coffee shop with an open wireless network. Sites typically encrypt the login to protect users' names and passwords. The only problem is the cookie: it is not protected. On an open wireless network, sidejacking, or HTTP session hijacking, is like shooting fish in a barrel.

Using Firesheep

You can get Firesheep on Mac OS X and Windows for free. Install Firesheep, and a new sidebar appears in Firefox. Go to the coffee shop and connect to its open wireless network. The "Start Capturing" button is all you have to click. Anyone on the network who is logged into Facebook, or any other insecure website recognized by Firesheep, will show up. The sidebar will display their name and photo. Double-clicking on the photo lets you into their account, logged in as them. From there, Firesheep sidejackers can do anything they want.

Can Firesheep be blocked?

Firesheep can be foiled. TechCrunch reports that Firesheep works on most social sites. This is because the websites switch back to the HTTP protocol after the login information has been sent encrypted. That is the only reason why Firesheep can detect cookies. "Force-TLS" is a Firefox extension that forces sites to use the HTTPS protocol. With Force-TLS installed, users can switch sites from HTTP to HTTPS through the extension's "Preferences" menu in Firefox Add-ons. Firesheep cannot read the data on an HTTPS connection since it is all encrypted. HTTPS connections are available at large websites like Facebook, Twitter and Google. Amazon does not right now, though.
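For site owners, the same weakness can be checked from the server side. The following is an added example, not code from Firesheep or Force-TLS: it audits a login response for the pattern described above (encrypted login, then a session cookie that can travel over plain HTTP). The host names, cookie names and header values are constructed samples, and the Strict-Transport-Security check is an assumption about how a site would enforce HTTPS itself.

```python
from http.cookies import SimpleCookie

def audit_response(url, headers):
    """Return findings for one response; headers is a list of (name, value)."""
    findings = []
    hdrs = [(n.lower(), v) for n, v in headers]
    if not url.lower().startswith("https://"):
        findings.append("served over plain HTTP")
    elif not any(n == "strict-transport-security" for n, _ in hdrs):
        # Without this header the browser may still be sent back to HTTP later.
        findings.append("no Strict-Transport-Security header")
    for name, value in hdrs:
        if name == "location" and value.lower().startswith("http://"):
            # Login was encrypted, but the next page is not.
            findings.append("redirects to plain HTTP")
        elif name == "set-cookie":
            jar = SimpleCookie()
            jar.load(value)
            for cookie_name, morsel in jar.items():
                # A cookie without Secure is also sent on unencrypted
                # requests, where anyone on the open network can read it.
                if not morsel["secure"]:
                    findings.append(f"cookie {cookie_name} lacks Secure")
    return findings

# Constructed sample: login over HTTPS, then back to HTTP with a bare cookie.
WEAK_LOGIN = ("https://social.example/login", [
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Location", "http://social.example/home"),
])

# Constructed sample: cookie restricted to HTTPS and HTTPS enforced.
HARDENED_LOGIN = ("https://social.example/login", [
    ("Strict-Transport-Security", "max-age=31536000"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly"),
    ("Location", "https://social.example/home"),
])

if __name__ == "__main__":
    for url, headers in (WEAK_LOGIN, HARDENED_LOGIN):
        print(url, audit_response(url, headers) or "ok")
```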

Citations

Code Butler: codebutler.com/firesheep

The Register: theregister.co.uk/2010/10/25/firesheep_cookie_capture_peril/

TechCrunch: techcrunch.com/2010/10/25/firesheep/
