Firesheep: Firefox extension exposes Facebook and Twitter passwords

Firesheep, a new extension for the Firefox browser, lets users eavesdrop on unencrypted traffic over unsecured wifi networks

By Matt Warman, Consumer Technology Editor
Published: 12:08PM BST 25 Oct 2010

The Firesheep extension to Firefox allows users to eavesdrop on open networks

A new extension for the Firefox web browser makes it easier than ever before for users to steal account information from users logging on to unencrypted websites via unsecured wifi networks. Developed by Eric Butler, the Firesheep extension collects the “cookies” that a selection of websites such as Facebook and Twitter use to allow access, and then allows users to “sidejack” their accounts.

The extension works by collecting user information and showing it in a Firefox window; Firesheep then lets each account be taken over simply by clicking on it.

Cookies from Amazon.com, Basecamp, bit.ly, Cisco, CNET, Dropbox, Enom, Evernote, Facebook, Flickr, Github, Google, HackerNews, Harvest, Windows Live, NY Times, Pivotal Tracker, Slicehost, tumblr, Twitter, WordPress, Yahoo and Yelp are all collected automatically, but programmers can add in their own plugins too.

The extension effectively exploits the same loopholes that Google was inadvertently mining with its Google Streetview cars; as such, secure sites and networks are not at risk.

According to Butler, he built the extension because “it's extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. Websites have a responsibility to protect the people who depend on their services. They've been ignoring this responsibility for too long, and it's time for everyone to demand a more secure web. My hope is that Firesheep will help the users win.”

๑۩۞۩๑๑۩۞۩๑๑۩۞۩๑๑۩۞۩๑๑۩۞۩๑๑۩۞۩๑๑۩۞۩๑๑۩۞۩๑๑۩۞۩๑๑۩۞۩๑

Honoráveis terroristas

View more presentations from palmasite.

Sphere: Related Content