Thursday, October 28, 2010

FIRESHEEP SNIFFS OUT FACEBOOK ACC ON WIFI HOTSPOTS




"Another security flaw. "

Firefox: Firesheep sniffs out and steals cookies—and the account and identity of the owner in the process—of popular web sites (like Facebook and Twitter) from the browsing sessions of other users on the Wi-Fi hot spot you're attached to.
Every time you sit down at a coffee house, turn on your computer and log on to the free Wi-Fi connection they provide, how safe do you think you and your online activities are? Apparently not very, because most websites only encrypt sensitive data like passwords during the initial login; everything else is still sent in its original, unencrypted form. This means that your cookies are extremely vulnerable: with a simple HTTP session hijack, someone can get hold of them and do anything they want on a particular website using your account.
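
The login-only encryption described above is visible in a site's own response headers. The following Python script is an added example, not part of the original post: it audits a login response for the settings that leave the session cookie readable on open Wi-Fi. The host example.test, the cookie names and values, and both sample responses are constructed.

```python
"""Audit a login response for settings that expose the session cookie on open Wi-Fi."""

def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def audit_response(scheme, headers):
    """scheme: 'http' or 'https'; headers: list of (name, value). Returns findings."""
    findings = []
    seen = {n.lower() for n, _ in headers}
    if scheme == "https" and "strict-transport-security" not in seen:
        findings.append("no HSTS header: later requests may fall back to http://")
    for name, value in headers:
        key = name.lower()
        if key == "location" and value.lower().startswith("http://"):
            findings.append("redirect to http:// after login: session continues unencrypted")
        elif key == "set-cookie":
            cookie, attrs = parse_set_cookie(value)
            if scheme != "https":
                findings.append(f"{cookie}: set over plain HTTP, readable by anyone on the network")
            elif "secure" not in attrs:
                findings.append(f"{cookie}: no Secure attribute, browser will also send it over http://")
    return findings

# Constructed sample: login is encrypted, but the session that follows is not.
LOGIN_ONLY_HTTPS = [
    ("Set-Cookie", "session=constructed-value-1; Path=/; HttpOnly"),
    ("Location", "http://example.test/home"),
]
# Constructed sample: the whole session stays on HTTPS.
FULL_HTTPS = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=constructed-value-2; Path=/; Secure; HttpOnly"),
    ("Location", "https://example.test/home"),
]

if __name__ == "__main__":
    for label, hdrs in (("login-only HTTPS", LOGIN_ONLY_HTTPS), ("full HTTPS", FULL_HTTPS)):
        print(label)
        for finding in audit_response("https", hdrs) or ["ok"]:
            print("  -", finding)
```
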

A web app developer has recently developed Firesheep, a Firefox add-on that allows even the most novice user to scan a Wi-Fi network and hijack other people’s Facebook, Twitter and other online accounts. All the user has to do is connect to an open Wi-Fi network and click a button, and the add-on will start capturing login data and displaying user details in the sidebar. If they wish to hijack a particular account, all they have to do is double-click on the name and voila! They’re in. It’s free and open source, and please don’t be happy just because you think that your Apple Mac is very secure: it works on Mac OS X too. Mozilla could very well block the add-on, but according to the Director of Firefox, they will not be doing that because it doesn’t exploit a vulnerability in the browser itself.

So how exactly do you protect yourself from such an attack the next time you connect to public Wi-Fi? According to a senior security advisor at antivirus vendor Sophos, the answer is to use a VPN whenever you’re connecting to a public Wi-Fi network. A VPN will encrypt all traffic that goes on while you’re connected, including traffic to the sites Firesheep aims at attacking. It’s still not a total solution, though: a VPN can only protect information up to its server, and once the information leaves the VPN it’ll still be vulnerable, but it will take much more than Firesheep or a novice hacker to steal your data. Visit TechWorld for more tips on how to protect yourself from Firesheep.

by Vincent Tey 빈센트 on Friday, October 28, 2010 at 8:05pm

1 comment:

  1. Lol u lo nid like tat ma? block me. I juz kidding, man. don even think it seriouly. And I don have ur secret.
