Firefox extension makes Facebook 'sidejacking' easy

Jos

Posts: 3,073   +97
You might want to think twice before logging into your favorite websites when using an open Wi-Fi network. A new Firefox extension shows just how easy it is to snatch browser cookies sent over insecure connection for sites such as Facebook and Twitter, allowing malicious users to log into the same website via a process called HTTP session hijacking -- also known as sidejacking. The extension, dubbed Firesheep, was developed by freelance Seattle-based developer Eric Butler in an effort to push more websites into using full end-to-end encryption for logins.

Read the whole story
 

posermobile89

Posts: 72   +0
If two or more people are on a secured network, one of them using the firesheep extension, is it still possible for them to eavesdrop, or is it only possible (easily) for open networks?
 

Burty117

Posts: 4,067   +2,060
I think its only possible easily if its an unsecured network. Anyway I cannot believe websites such as facebook and yahoo mail don't use full end-to-end encryption for logins! I mean, theres always a story on the internet somewhere about these sites being exploited everyday yet they haven't really done much about it by the sounds of it?
 

B00kWyrm

Posts: 991   +39
One more reason to avoid FB completely!
In many ways they prove they really do not care about their user.
Unfortunately, like so many other areas of life, we become "dependent" for "function"
and so we "settle" and "suffer the consequences".
 

kearnsy24

Posts: 9   +0
It's just plain silly for people to use free wireless connections for their personal accounts and such. Just wait until you know you're on a secure connection and you have nothing to worry about.
 

p51d007

Posts: 2,688   +2,025
I have FF set to remove cookies on exit, plus using fasterfox to clean up after I shut FF
down.
The reason people get their info stolen is mostly because they don't secure their computers to start with. How many times have you fixed a friends computer and find their password(s) are something simple, and they run their sessions in ADMINISTRATOR mode?
 

Fragrant Coit

Posts: 345   +1
Surely a better approach for all concerned would be a WPA (or even WEP) key that changes every day & is perhaps printed on the reciept?

That way it's not Open, at least 1 person needs to make a purchase and it could be marketed as a "caring" implementation. I'm in no way endorsing the Cardboard Burger or Ersatz Coffee merchants etc, but am after a mutually beneficial solution.

Or, leave it open for everyone & their dog within the broadcast radius and let the Devil sort 'em out!

Probably the latter will out.
 

freythman

Posts: 113   +10
I'm not sure why people are so concerned about their privacy on Facebook, and the likes, anyway. If you are worried about private information becoming public, don't post it to social networking sites. Then you don't have to worry about how good of a steward they are with your data.
 

bioflex

Posts: 76   +2
Ranger12 said:
Eh, just avoid firefox. Easy enough.

really?......i have been using firefox ever since i discovered it some years back and i dont think i am going back though i have tried opera and chrome too.
 

Jos

Posts: 3,073   +97
Eh, just avoid firefox. Easy enough.

It's not a Firefox problem, you could be using any browser. It's about unsecured wireless connections and websites not adopting encrypted HTTPS connections (usually they do this for the initial login but not the entire session)
 

Relic

Posts: 1,372   +17
It's mind boggling that people still use free / open WiFi networks for private data in todays age. If you need to use these services on the go make sure your on an encrypted network at least and definitely in an https session.

@Fragrant Never ever use WEP encryption, it's garbage that gives people a false sense of security.
 

Elitassj4

Posts: 24   +0
I don't see the point of facebook or other sites like that, and having a gazillion of "friends", i just can't wrap my head around that .
 

rwright

Posts: 8   +0
Public Wi-Fi does have its uses. Most people just arent aware of the hazards. Scarey but effective way to raise awareness. *clicks his link to post on Facebook from his secure home network*
 

grimm808

Posts: 30   +0
Good thing I try as much as possible to leave out important private, and personal things. Internets a dangerous place... It's almost as bad as leaving your Credit Card info on Xbox live, and then they try to keep billing you. :mad:

I also heard it's not all that difficult to steal personal info through Xbox live accounts too.
 

TomSEA

Posts: 3,320   +2,068
It's amazing how many unsecured Wi-Fi's there are out there. From my house, when I check for wireless connections, a dozen pop-up and at least 1/4 are unsecured.

But Facebook is a mess. In their effort to attract users, they've completely ignored security options.
 
T

therickster90

I just tried it. I'm sitting here at school on an unsecured connection with 20 people on laptops around me and the only thing it is picking up is my gmail login, which is https. hmmm...at least I don't have facebook anymore.
 

oasis789

Posts: 51   +0
as long as you dont put anything impt on fb, youre safe from firesheep. doesn affect gmail or any other https service
 

Puiu

Posts: 4,495   +3,325
TechSpot Elite
keep the extensions to the bare minimum and don't install stupid and useless ones. if you do that then you'll be fine. and also don't install toolbars as they are even worse than a bad written extension.