Real power does not hit hard, but straight to the point

FireSheep For Hack Facebook andTwitter Via Wi-Fi

Posted by fullsoft - -

Even if you were drunk and surfing with Wi-Fi hotspot, you probably will not stand up and scream your username and password to anyone who might want it. But the attacker does not need to discover your username and password. If you thought that by capturing the user's session, social media had done only a skilled hacker, now addon Firesheep can afford to become a truly incapable internet griefer.

If you were an access point Wi-Fi, you probably have no options and no encryption. While many sites give the lips on the importance of user privacy and security is for them, very few have their site is encrypted via HTTPS. Most sites encrypt the user name and password during the logon process, but most of these sites fail to encrypt and protect the user right there. When a user moves to a standard HTTP page on the site, an attacker can sniff and capture information from the user's cookies.

Many of us are committed to multi-tasking, so access to Twitter or Facebook or Flickr, and then switch to surf other sites after leaving these accounts. If any of these sites are the future of Twitter or a Facebook widget, or even embedded in the image on Flickr, if you have registered these sites before continuing to surf, then the HTTP session length jacks, also known as "sidejacking," can happen, and losses user's cookie. Security researchers have explained that if a person can steal the cookie, they can steal the user's session and let them do anything you can do on the site.

At the ToorCon security conference 12, Ian Gallagher, and Eric Butler presented the Hello Web 2.0 start protecting your privacy and do not pretend. Eric Butler has released a free tool open source, and an add-on for the Firefox browser called Firesheep. Now, a person or an idiot, can not be used to scan the local Firesheep Wi-Fi networks, and find users who have logged on to Facebook, Twitter, Amazon, Google, Foursquare, Dropbox, Hacker News, Windows Live, Cisco, Evernote, Wordpress, Flickr, bit. Ly, and many other services. This is a list of sites that Firesheep smell and kidnapping.

Butler, wrote in his blog "in an open wireless network, cookies are basically screamed through the air, so these attacks very easy .... When it comes to user privacy, SSL is the elephant in the room. "

Once installed the addon Firesheep, a new sidebar will appear. Butler writes: "Connection to any busy with an open wireless network and click the big" Start Capture "button, then just wait until the network of all visits to a website known to be insecure Firesheep, your name and the ' image appears: .. "


Yep, just as easily. Four works on all sheep unencrypted wireless LAN connection with services that do not use secure HTTP.

At that time, to publish this article, Firesheep has been downloaded 52 796 times. Twitter is a Firesheep news hot. Relatively few of the Sheeple will play regardless of the wiretapping laws Wireless, and is baaaaad, including those who have no idea how to hack a social network.

What can you do to protect yourself? Use Wi-Fi encryption, using the VPN, if any, or the strength of SSL, if you can. The Tor Project, the EFF has a Firefox extension called HTTPS everywhere that rewrites all requests to HTTPS. The kicker is that very few sites are configured to work with the plugin. There is also a Firefox extension called Force-TLS.

Mell said: "Companies have a responsibility to protect you require SSL everywhere!"

DOWNLOAD NOW!

Leave a Reply