Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
A computer researcher has released a plug-in for the Firefox web browser that lets anyone scan open Wi-Fi networks and hijack Twitter and Facebook accounts.
The add on, called “Firesheep”, was released at the ToorCon security conference in San Diego by Eric Butler, a Seattle-based web application and software developer. Butler designed the add-on to highlight the danger of accessing unencrypted websites via public Wi-Fi networks, according to a blog post. Websites commonly protect users' passwords by encrypting the initial login, Butler said. However, many popular sites – including Facebook and Twitter – do not use end-to-end HTTPS or SSL encryption to safeguard sessions, leaving them vulnerable to an attack known as "HTTP session hijacking", which allows an attacker to obtain a user's cookie to take over their account. “This is a widely known problem that has been talked about to death, yet very popular websites continue to fail at protecting their users,” Butler wrote. Facebook, for example, has not implemented end-to-end SSL or HTTPS encryption, according to Butler. A Facebook spokesman told SCMagazineUS.com that users should be cautious when sending or receiving information over unsecured Wi-Fi networks. “We have been making progress testing SSL access across Facebook and hope to provide it as an option in the coming months,” the spokesman said. Firesheep adds a sidebar to Firefox that can be used to connect to an open Wi-Fi network, Butler explained. Once connected, the extension displays the name and photo of anyone on the network who visits an unsecured website.“Double-click on someone, and you're instantly logged in as them,” he wrote.The add-on has been downloaded more than 177,000 times since it became available on Sunday. It also has ranked as a "trending" topic on Twitter and Google.Butler said he hopes the new add-on will encourage websites to take security more seriously. “Websites have a responsibility to protect the people who depend on their services,” he wrote. “They've been ignoring this responsibility for too long, and it's time for everyone to demand a more secure web. My hope is that Firesheep will help the users win."See original article on scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.