Firesheep In Wolves Clothing: App Lets You Hack Into Twitter, Facebook Accounts Easily
Developer Eric Butler has exposed the soft underbelly of the web with his new application, Firesheep, a Firefox extension that will let you essentially eavesdrop on any open wi-fi network and capture users’ cookies. As Butler explains in his post, “As soon as anyone on the network visits an insecure website known to Firesheep, their name and photo will be displayed” in the window. All you have to do is double click on their name and you will be able to log into the user’s site with their credentials.
One word: wow.
If a site is not secure, it will emit cookies throughout a session, which contain identifying information. The tool effectively grabs these cookies and lets you masquerade as the user. Apparently many social network sites are not secured, beyond the big two, Foursquare, Gowalla are also vulnerable. Firesheep is built to identify cookies from Amazon.com, Basecamp, bit.ly, Cisco, CNET, Dropbox, Enom, Evernote, Facebook, Flickr, Github, Google, HackerNews, Harvest, Windows Live, NY Times, Pivotal Tracker, Slicehost, tumblr, Twitter, WordPress, Yahoo, Yelp.
Since Butler’s post appeared on Hacker News, Firesheep was downloaded more than 1,000 times and evidence of usage is already popping up on Twitter in fantastic fashion.
Thanks to Bensign, aka Ben Schaechter (former TechCrunch developer) for the tip.