Firesheep In Wolves Clothing: App Lets You Hack Into Twitter, Facebook Accounts Easily

October 24th, 2010 10:24 admin

It seems like every time Facebook amends its privacy policy, the web is up in arms. The truth is, Facebook’s well-publicized privacy fight is nothing compared to the vulnerability of all unsecured HTTP sites, and that includes Facebook, Twitter and many of the web’s most popular destinations.

Developer Eric Butler has exposed the soft underbelly of the web with his new application, Firesheep, a Firefox extension that will let you essentially eavesdrop on any open wi-fi network and capture users’ cookies. As Butler explains in his post, “As soon as anyone on the network visits an insecure website known to Firesheep, their name and photo will be displayed” in the window. All you have to do is double click on their name and you will be able to log into the user’s site with their credentials.

One word: wow.

If a site is not secured, it sends cookies containing identifying information throughout a session. The tool effectively grabs these cookies and lets you masquerade as the user. Apparently many social network sites are not secured; beyond the big two, Foursquare and Gowalla are also vulnerable. Firesheep is built to identify cookies from Amazon.com, Basecamp, bit.ly, Cisco, CNET, Dropbox, Enom, Evernote, Facebook, Flickr, Github, Google, HackerNews, Harvest, Windows Live, NY Times, Pivotal Tracker, Slicehost, tumblr, Twitter, WordPress, Yahoo, Yelp.
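For site operators, the exposure described above can be checked from the response headers. The following is an added example, not code from Firesheep or from the original article: it audits `Set-Cookie` headers for cookies that would cross the network unencrypted. The hosts, cookie names and values are constructed sample data, and the function names and finding codes are hypothetical.

```python
# Added example: flag cookies that a listener on an open network could read.
# All URLs, cookie names and values below are constructed sample data.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, attributes with lowercase keys)."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs

def audit_response(url, headers):
    """Return (cookie, finding) pairs for one response.

    headers is a list of (name, value) pairs, so repeated Set-Cookie
    headers are preserved.
    """
    findings = []
    is_https = url.lower().startswith("https://")
    has_hsts = any(n.lower() == "strict-transport-security" for n, _ in headers)
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(value)
        if not is_https:
            # The cookie itself was delivered in cleartext.
            findings.append((cookie, "PLAINTEXT_SET"))
        elif "secure" not in attrs:
            # Without Secure, the browser also attaches it to http:// requests.
            findings.append((cookie, "MISSING_SECURE"))
    if is_https and not has_hsts:
        # Nothing tells the browser to refuse plain HTTP for this host.
        findings.append(("-", "NO_HSTS"))
    return findings

SAMPLE = [  # constructed responses
    ("http://social.example/home",
     [("Set-Cookie", "session=abc123; Path=/; HttpOnly")]),
    ("https://social.example/login",
     [("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
      ("Set-Cookie", "csrf=xyz; Secure; SameSite=Strict")]),
    ("https://bank.example/login",
     [("Set-Cookie", "sid=def456; Path=/; Secure; HttpOnly"),
      ("Strict-Transport-Security", "max-age=31536000")]),
]

if __name__ == "__main__":
    for url, headers in SAMPLE:
        print(url, audit_response(url, headers))
```

The second sample shows the common half-measure: the login page is served over HTTPS, but the session cookie lacks `Secure`, so it still leaks on the first plain-HTTP request to the same host.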

Since Butler’s post appeared on Hacker News, Firesheep has been downloaded more than 1,000 times and evidence of usage is already popping up on Twitter in fantastic fashion.

Thanks to Bensign, aka Ben Schaechter (former TechCrunch developer) for the tip.
