Thursday, October 28, 2010

Firesheep Firefox extension - sidejacking made easy makes a point

Firesheep is a Firefox extension that allows anyone on an open wireless network to spy on social network accounts. Rather than developing Firesheep with malicious intent, the creator built the extension to draw attention to the security problem posed by sites that use cookies with an inadequate level of encryption. The good news is that certain Firefox extensions are available that protect personal details from “sidejacking” tools such as Firesheep.

Firesheep makes hacking social network accounts easy

Firesheep allows any person to walk into a coffee shop and start prying into personal lives. Firesheep works because when users submit a user name and password to log in, the server replies with a cookie that the browser uses for user validation going forward. Eric Butler is the man who created Firesheep. He said that there are cookies all through the air in a coffee shop with an open wireless network. Websites commonly protect user names and passwords by encrypting the login. The cookie isn’t protected, though. Sidejacking, or HTTP session hijacking, isn’t hard to do on a wireless network. It’s actually relatively easy.

Using Firesheep

Firesheep is free, open source and available for Mac OS X and Windows. Installing Firesheep adds a new sidebar to Firefox. On an open wireless network at a coffee shop, there is a button to click, labeled “Start Capturing”. Anyone using the network who is logged into Facebook, or any other insecure site recognized by Firesheep, will show up in the sidebar with their name and photo. Double-click on a photo and Firesheep instantly logs into that person’s private account. After that, a sidejacker using Firesheep can do whatever they like.

Blocking Firesheep

Firesheep can be foiled. Most social networking websites switch back to the HTTP protocol after the login information has been sent encrypted, TechCrunch reports. That is the only reason why Firesheep can detect cookies. “Force-TLS” is a Firefox extension that causes websites to use the HTTPS protocol. With the Force-TLS extension installed, users can change HTTP to HTTPS on websites through the Firefox Add-on “Preferences” menu. Firesheep cannot read any of the data sent over HTTPS since it’s all encrypted. Facebook, Twitter and Google all allow HTTPS connections. Most major websites will. Amazon currently does not.
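The weakness described above (an encrypted login followed by a cookie that travels over plain HTTP) can be checked from the site owner's side. The following is an added example, not code from Firesheep, Force-TLS or the cited articles; the header values and the social.example host are constructed sample data, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample headers from an HTTPS login response (not captured traffic).
WEAK = [
    ("Location", "http://social.example/home"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/"),
]
HARDENED = [
    ("Location", "https://social.example/home"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly"),
]


def parse_set_cookie(value):
    """Return (cookie name, set of lowercase attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_login_response(headers):
    """Find cookies a browser would also send over plain HTTP, and any
    redirect that moves the user from the HTTPS login back to HTTP."""
    findings = {"cookies_without_secure": [], "downgrade_redirect": None}
    for name, value in headers:
        key = name.lower()
        if key == "set-cookie":
            cookie, attrs = parse_set_cookie(value)
            if "secure" not in attrs:
                findings["cookies_without_secure"].append(cookie)
        elif key == "location" and urlsplit(value).scheme.lower() == "http":
            findings["downgrade_redirect"] = value
    return findings


def risk(findings):
    """'exposed': cookie goes out in cleartext right after login;
    'at risk': it would on any later HTTP request; 'ok': HTTPS only."""
    if not findings["cookies_without_secure"]:
        return "ok"
    return "exposed" if findings["downgrade_redirect"] else "at risk"


if __name__ == "__main__":
    for label, headers in (("weak", WEAK), ("hardened", HARDENED)):
        report = audit_login_response(headers)
        print(label, risk(report), report)
```

A cookie marked Secure is only ever sent over HTTPS, so a listener on the open network never sees it even if the user later follows an HTTP link to the same site.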

Citations

Code Butler: codebutler.com/firesheep

The Register: theregister.co.uk/2010/10/25/firesheep_cookie_capture_peril/

TechCrunch: techcrunch.com/2010/10/25/firesheep/