Saturday, March 3, 2012

FireSheep version 2.0


FireSheep version 1.0
I think about two years ago I read about the FireSheep Firefox plugin, which allows you to hijack the accounts on many different sites (Facebook, Flickr, Twitter, etc.) of any user who is surfing on the same wifi connection that you are using. This can be extremely brutal to use in any coffee shop, hotel, airport, just sitting outside someone's house stalking them, whatever...
The point is, the person who created this, Eric Butler, didn't do this as a hacking tool, but as a wake-up call to all the sites that aren't encrypting their connections via SSL, and a lot of them haven't even changed that since...

FireSheep in action...

The potential danger
The second I read about this, I just couldn't stop thinking about what a dangerous tool this can become. Imagine this: someone expands this tool to send all the currently active session cookies in the current wifi network to an online database, and now all the active sessions from all the FireSheep users are shared worldwide. This means that you don't even have to be in the same wifi network as someone else to hijack their account. All you need is for someone else to be there while you're in the comfort of your own home... Isn't the internet a beautiful thing ??? :)

The future...
Two years (maybe more) later, and I'm happy to see that no one has done this yet, but I am still very afraid of the day someone will!
I looked at the FireSheep code a little just out of pure curiosity, but never even downloaded it or tried it myself. I'm not a hacker and not interested in becoming one. The one thing I am concerned about here is my own personal security, so I am still hoping that these sites will improve the security for the sake of their users. Unfortunately, sometimes the only thing that speeds up the process is a lunatic taking advantage of the current situation.

Till then, beware...

3 comments:

  1. This is really troubling.

    To avoid this hazard, try another Firefox add-on:
    https://www.eff.org/https-everywhere

    If you don't use Firefox, I'm sorry for you ...

    G.

  2. @grawcho I wasn't familiar with that add-on, thanks for sharing.
    And I do use Firefox! :)

  3. This comment has been removed by a blog administrator.
