Gavin Draper's Blog

Father, Developer, Tech Geek, Extreme Sports Fanatic


Firesheep a wake up call

For those who haven't heard, Firesheep is a Firefox plugin that was released last week. It lets you sit on an open wireless network and grab the cookies for many well-known sites as other people use them. Once you have these cookies, it lets you impersonate that user. For example, if someone on the network logs in to Facebook, it grabs their cookie and then lets you sign in to Facebook as them with the click of a mouse.

It was written to make people aware that more than just your login pages need to run over HTTPS, because that same cookie is passed back and forth as you change pages. Firesheep is the easiest way to exploit this weakness, and it's because of how easy it is to use that the attack is now within reach of people who know very little about computers.
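To make the point about non-login pages concrete, here is an added example (not code from Firesheep or from the original post) that models the browser rule deciding whether a cookie accompanies a request. The cookie values and the `social.example` host are constructed for illustration.

```javascript
// Added example: which cookies leave the browser unencrypted after an
// HTTPS-only login. All header values below are constructed samples.

// Parse one Set-Cookie header value into { name, value, secure, httpOnly }.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const flags = attrs.map((a) => a.split("=")[0].toLowerCase());
  return {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    secure: flags.includes("secure"),
    httpOnly: flags.includes("httponly"),
  };
}

// Cookies a browser would attach to a request for `url`:
// a cookie marked Secure is withheld from plain-HTTP requests.
function cookiesSentTo(url, jar) {
  const encrypted = new URL(url).protocol === "https:";
  return jar.filter((c) => encrypted || !c.secure).map((c) => c.name);
}

// Names of cookies that would cross the network in cleartext for `url`.
function exposedInCleartext(url, jar) {
  if (new URL(url).protocol === "https:") return [];
  return cookiesSentTo(url, jar);
}

// Constructed Set-Cookie headers returned by a login form served over HTTPS.
const weakLogin = ["session=abc123; Path=/; HttpOnly"];
const hardenedLogin = ["session=abc123; Path=/; HttpOnly; Secure"];

const weakJar = weakLogin.map(parseSetCookie);
const hardenedJar = hardenedLogin.map(parseSetCookie);

// Hypothetical page visited after login, served over plain HTTP.
const nextPage = "http://social.example/profile";

console.log("without Secure:", exposedInCleartext(nextPage, weakJar));
console.log("with Secure:", exposedInCleartext(nextPage, hardenedJar));
```

With the `Secure` attribute set, the plain-HTTP page no longer receives the session cookie at all, so the site only keeps users logged in if every page is served over HTTPS.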

The day the add-on was released it made it big on a lot of news sites, causing many thousands of people to download it to try. Although people are now more aware of it, I would imagine it's going to take some time before a lot of these sites/apps can update their systems to run securely over HTTPS. Until then, all that can really be done is to avoid logging in to websites that could be at risk over open Wi-Fi networks.


 