Firesheep In Wolves Clothing: Extension Lets You Hack Into Twitter, Facebook Accounts Easily

Monday, 25 October 2010 06:24

Firesheep In Wolves Clothing: Extension Lets You Hack Into Twitter, Facebook Accounts Easily

E-mail

Rate this item

(0 votes)

It seems like every time Facebook amends it’s privacy policy, the web is up in arms. The truth is, Facebook’s well publicized privacy fight is nothing compared to vulnerability of all unsecured HTTP sites — that includes Facebook, Twitter and many of the web’s most popular destinations.

Developer Eric Butler has exposed the soft underbelly of the web with his new Firefox extension, Firesheep, which will let you essentially eavesdrop on any open wi-fi network and capture users’ cookies. As Butler explains in

his post, “As soon as anyone on the network visits an insecure website known to Firesheep, their name and photo will be displayed” in the window. All you have to do is double click on their name and you will be able to log into the user’s site with their credentials.

One word: wow.

If a site is not secure, it will emit cookies throughout a session, which contain identifying information. The tool effectively grabs these cookies and lets you masquerade as the user. Apparently many social network sites are not secured, beyond the big two, Foursquare, Gowalla are also vulnerable. Firesheep is built to identify cookies from Amazon.com, Basecamp, bit.ly, Cisco, CNET, Dropbox, Enom, Evernote, Facebook, Flickr, Github, Google, HackerNews, Harvest, Windows Live, NY Times, Pivotal Tracker, Slicehost, tumblr, Twitter, WordPress, Yahoo, Yelp.

Since Butler’s post appeared on Hacker News, Firesheep was downloaded more than 1,000 times and evidence of usage is already popping up on Twitter in fantastic fashion.

Thanks to Bensign, aka Ben Schaechter (former TechCrunch developer) for the tip.