Get Firesheep! Hack everything the whole internet to bits!

25 October 2010

A dastardly internet hacker, this morning

WARNING! All unsecured HTTP sites (including Facebook, Twitter, Foursquare and loads of very popular web destinations) have an underbelly softer than a mouse's ear.

A developer called Eric Butler has decided to expose it for us all to see with his new Firefox extension, Firesheep, which lets you essentially eavesdrop on any open Wi-Fi network and capture users’ cookies.

Butler explains: “As soon as anyone on the network visits an insecure website known to Firesheep, their name and photo will be displayed.”

All you have to do is double click in the window which shows a person's details and you'll be able to log into that user’s site with their credentials.

So basically, any time you use an open Wi-Fi connection, there's now a good chance that someone can access some of your most private, personal information and correspondence (start deleting your dirty direct messages now, eh?).

Basically, a site keeps track of you through a cookie which contains identifying information for that website, and if the site is not secure, that cookie crosses the network unencrypted. Firesheep grabs these cookies and lets you pretend to be the user they belong to. Astonishing stuff really.
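The site-side check that follows from this, as an added example (not from the original article or from Firesheep): it reads a response's Set-Cookie headers and reports session cookies that would cross the network unencrypted, either because the page is plain HTTP or because the cookie lacks the Secure attribute. The URLs, cookie names and the session-name heuristic are constructed assumptions.

```python
from http.cookies import SimpleCookie

# Constructed sample responses (not captured from any real site).
SAMPLE_RESPONSES = {
    "http://social.example/login": [
        ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
        ("Set-Cookie", "theme=dark; Path=/"),
    ],
    "https://shop.example/login": [
        ("Set-Cookie", "sid=def456; Path=/; Secure; HttpOnly"),
    ],
    "https://blog.example/wp-login": [
        ("Set-Cookie", "auth=ghi789; Path=/; HttpOnly"),
    ],
}

# Assumed heuristic for spotting session cookies by name.
SESSION_HINTS = ("sess", "sid", "auth", "token")


def audit_response(url, headers):
    """Return (cookie_name, problem) pairs for session cookies that would
    be readable by anyone listening on the same open network."""
    findings = []
    is_https = url.lower().startswith("https://")
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        for cookie_name, morsel in jar.items():
            if not any(h in cookie_name.lower() for h in SESSION_HINTS):
                continue  # preference cookies etc. are out of scope here
            if not is_https:
                findings.append((cookie_name, "set over plain HTTP"))
            elif not morsel["secure"]:
                # Without Secure the browser also attaches this cookie to
                # any later http:// request to the same host.
                findings.append((cookie_name, "missing Secure attribute"))
    return findings


def audit_all(responses):
    """Audit every response; map URL -> list of findings."""
    return {url: audit_response(url, hdrs) for url, hdrs in responses.items()}


if __name__ == "__main__":
    for url, findings in audit_all(SAMPLE_RESPONSES).items():
        print(url, findings or "ok")
```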

If you're not particularly worried about someone mucking around with your social networking profiles, then maybe you'll be more concerned about the fact that this extension can also work with things like Amazon and WordPress. And that’s just through the default setting. If you're savvy enough, you can write your own plugins and start hacking away at other stuff.

Butler says that he created this unsavoury tool to expose the lack of security on the web.

“Websites have a responsibility to protect the people who depend on their services. They’ve been ignoring this responsibility for too long, and it’s time for everyone to demand a more secure web. My hope is that Firesheep will help the users win,” Butler says.

It seems there's not much you can do to prevent sessions getting hijacked, so as a user, the lesson here is that you shouldn't log in on an open network (unless you use a VPN) as it leaves you wide open for someone to start delving into your private data.

You've been warned.


  • Nobby
    If the web had less holes in it, it would be clingfilm. My shite comment for the day.
  • The B.
    I'm slightly scared that my first thought was "oh look, it's Des from Neighbours".
  • ben
    that would be why you can use :)
  • Paul C.
    Good choice with Des Clarke. He reminds me of Jason Segel. Shame it wasn't a photo of Daphne though.
  • Dead F.
    Nobby: That's *fewer* holes.
  • Olly
    Isn't use of that plug-in illegal? I realise the bad people don't care for such stuff, but you'd have a hard time explaining to the old bill that you'd downloaded it just for shits-and-giggles.
  • evil r.
    nice photo Paul ---is that your wife?

