One word: wow.
If a site is not secure, it will emit cookies containing identifying information throughout a session. The tool effectively grabs these cookies and lets you masquerade as the user. Apparently many social network sites are not secured; beyond the big two, Foursquare and Gowalla are also vulnerable. Firesheep is built to identify cookies from Amazon.com, Basecamp, bit.ly, Cisco, CNET, Dropbox, Enom, Evernote, Facebook, Flickr, GitHub, Google, Hacker News, Harvest, Windows Live, NY Times, Pivotal Tracker, Slicehost, tumblr, Twitter, WordPress, Yahoo and Yelp.
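A defender's check for the exposure described above, as an added example that is not from the original article or from Firesheep. It assumes "not secure" means session cookies that can travel over unencrypted HTTP; the URLs, cookie names and name hints are constructed for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample (response URL, Set-Cookie header) pairs; not from any real site.
SAMPLE_RESPONSES = [
    ("http://social.example/login", "session_id=abc123; Path=/; HttpOnly"),
    ("https://social.example/login", "auth_token=def456; Path=/; Secure; HttpOnly"),
    ("https://social.example/home", "sid=ghi789; Path=/; HttpOnly"),
    ("http://social.example/home", "theme=dark; Path=/"),
]

# Assumed substrings that mark a cookie as identifying a logged-in user.
SESSION_HINTS = ("sess", "sid", "auth", "token")


def exposed_session_cookies(responses):
    """Return (cookie name, reason) for session cookies readable on the network."""
    findings = []
    for url, header in responses:
        scheme = urlsplit(url).scheme
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            if not any(hint in name.lower() for hint in SESSION_HINTS):
                continue  # preference cookies do not identify the user
            if scheme != "https":
                # Issued in cleartext: visible from the first response onward.
                findings.append((name, "set over plain HTTP"))
            elif not morsel["secure"]:
                # Issued over HTTPS, but the browser will also attach it to
                # any later plain-HTTP request to the same site.
                findings.append((name, "no Secure attribute"))
    return findings


if __name__ == "__main__":
    for name, reason in exposed_session_cookies(SAMPLE_RESPONSES):
        print(f"{name}: {reason}")
```

Serving the whole session over HTTPS and marking session cookies `Secure` clears both findings.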
Since Butler’s post appeared on Hacker News, Firesheep has been downloaded more than 1,000 times and evidence of usage is already popping up on Twitter in fantastic fashion.
Thanks to Bensign, aka Ben Schaechter (former TechCrunch developer), for the tip.
Authors: Evelyn Rusli