Firefox extension makes Facebook 'sidejacking' easy

By Jos
Oct 26, 2010
Post New Reply
  1. You might want to think twice before logging into your favorite websites when using an open Wi-Fi network. A new Firefox extension shows just how easy it is to snatch browser cookies sent over insecure connection for sites such as Facebook and Twitter, allowing malicious users to log into the same website via a process called HTTP session hijacking -- also known as sidejacking. The extension, dubbed Firesheep, was developed by freelance Seattle-based developer Eric Butler in an effort to push more websites into using full end-to-end encryption for logins.

    Read the whole story
  2. posermobile89

    posermobile89 TS Rookie Posts: 72

    If two or more people are on a secured network, one of them using the firesheep extension, is it still possible for them to eavesdrop, or is it only possible (easily) for open networks?
  3. Burty117

    Burty117 TechSpot Chancellor Posts: 2,889   +645

    I think its only possible easily if its an unsecured network. Anyway I cannot believe websites such as facebook and yahoo mail don't use full end-to-end encryption for logins! I mean, theres always a story on the internet somewhere about these sites being exploited everyday yet they haven't really done much about it by the sounds of it?
  4. B00kWyrm

    B00kWyrm TechSpot Paladin Posts: 1,436   +37

    One more reason to avoid FB completely!
    In many ways they prove they really do not care about their user.
    Unfortunately, like so many other areas of life, we become "dependent" for "function"
    and so we "settle" and "suffer the consequences".
  5. kearnsy24

    kearnsy24 TS Rookie

    It's just plain silly for people to use free wireless connections for their personal accounts and such. Just wait until you know you're on a secure connection and you have nothing to worry about.
  6. p51d007

    p51d007 TS Evangelist Posts: 858   +353

    I have FF set to remove cookies on exit, plus using fasterfox to clean up after I shut FF
    The reason people get their info stolen is mostly because they don't secure their computers to start with. How many times have you fixed a friends computer and find their password(s) are something simple, and they run their sessions in ADMINISTRATOR mode?
  7. Fragrant Coit

    Fragrant Coit TS Guru Posts: 363

    Surely a better approach for all concerned would be a WPA (or even WEP) key that changes every day & is perhaps printed on the reciept?

    That way it's not Open, at least 1 person needs to make a purchase and it could be marketed as a "caring" implementation. I'm in no way endorsing the Cardboard Burger or Ersatz Coffee merchants etc, but am after a mutually beneficial solution.

    Or, leave it open for everyone & their dog within the broadcast radius and let the Devil sort 'em out!

    Probably the latter will out.
  8. freythman

    freythman TS Booster Posts: 112   +10

    I'm not sure why people are so concerned about their privacy on Facebook, and the likes, anyway. If you are worried about private information becoming public, don't post it to social networking sites. Then you don't have to worry about how good of a steward they are with your data.
  9. Ranger12

    Ranger12 TS Guru Posts: 620   +118

    Eh, just avoid firefox. Easy enough.
  10. whiteandnerdy

    whiteandnerdy TS Member Posts: 69

    I'm with freythman on this. Don't post stuff you don't want anyone to find out.
  11. bioflex

    bioflex TS Rookie Posts: 70

    really?......i have been using firefox ever since i discovered it some years back and i dont think i am going back though i have tried opera and chrome too.
  12. Jos

    Jos TechSpot Staff Topic Starter Posts: 2,641   +86

    It's not a Firefox problem, you could be using any browser. It's about unsecured wireless connections and websites not adopting encrypted HTTPS connections (usually they do this for the initial login but not the entire session)
  13. foreverzero89

    foreverzero89 TS Enthusiast Posts: 217

    if it's NOT HTTPS it's not encrypted.
  14. Relic

    Relic TechSpot Chancellor Posts: 1,379   +16

    It's mind boggling that people still use free / open WiFi networks for private data in todays age. If you need to use these services on the go make sure your on an encrypted network at least and definitely in an https session.

    @Fragrant Never ever use WEP encryption, it's garbage that gives people a false sense of security.
  15. TorturedChaos

    TorturedChaos TechSpot Chancellor Posts: 828   +17

    I never thought about how easy it is to grab information from open WiFi spots. Glad I don't use any of them :p.
  16. Elitassj4

    Elitassj4 TS Rookie Posts: 24

    I don't see the point of facebook or other sites like that, and having a gazillion of "friends", i just can't wrap my head around that .
  17. jason4832

    jason4832 TS Rookie

    Scary a bit, but lesson learned.
  18. rwright

    rwright TS Rookie

    Public Wi-Fi does have its uses. Most people just arent aware of the hazards. Scarey but effective way to raise awareness. *clicks his link to post on Facebook from his secure home network*
  19. grimm808

    grimm808 TS Rookie Posts: 30

    Good thing I try as much as possible to leave out important private, and personal things. Internets a dangerous place... It's almost as bad as leaving your Credit Card info on Xbox live, and then they try to keep billing you. :mad:

    I also heard it's not all that difficult to steal personal info through Xbox live accounts too.
  20. TomSEA

    TomSEA TechSpot Chancellor Posts: 2,550   +594

    It's amazing how many unsecured Wi-Fi's there are out there. From my house, when I check for wireless connections, a dozen pop-up and at least 1/4 are unsecured.

    But Facebook is a mess. In their effort to attract users, they've completely ignored security options.
  21. frodough

    frodough TS Rookie Posts: 90

    wow has FF been made 'too powerful'? im not as code savvy and hearing that does raise a concern or ten.
  22. mikeusru

    mikeusru TS Rookie Posts: 48

    This is like when the US nuked Japan to show them how dangerous nuclear weapons can be. Thanks, friends.
  23. therickster90

    therickster90 TS Rookie Posts: 16

    I just tried it. I'm sitting here at school on an unsecured connection with 20 people on laptops around me and the only thing it is picking up is my gmail login, which is https. least I don't have facebook anymore.
  24. oasis789

    oasis789 TS Rookie Posts: 51

    as long as you dont put anything impt on fb, youre safe from firesheep. doesn affect gmail or any other https service
  25. Puiu

    Puiu TS Evangelist Posts: 1,804   +483

    keep the extensions to the bare minimum and don't install stupid and useless ones. if you do that then you'll be fine. and also don't install toolbars as they are even worse than a bad written extension.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...