Firefox extension makes Facebook 'sidejacking' easy


Posts: 3,073   +97
You might want to think twice before logging into your favorite websites when using an open Wi-Fi network. A new Firefox extension shows just how easy it is to snatch browser cookies sent over insecure connection for sites such as Facebook and Twitter, allowing malicious users to log into the same website via a process called HTTP session hijacking -- also known as sidejacking. The extension, dubbed Firesheep, was developed by freelance Seattle-based developer Eric Butler in an effort to push more websites into using full end-to-end encryption for logins.

Read the whole story


Posts: 72   +0
If two or more people are on a secured network, one of them using the firesheep extension, is it still possible for them to eavesdrop, or is it only possible (easily) for open networks?


Posts: 4,067   +2,060
I think its only possible easily if its an unsecured network. Anyway I cannot believe websites such as facebook and yahoo mail don't use full end-to-end encryption for logins! I mean, theres always a story on the internet somewhere about these sites being exploited everyday yet they haven't really done much about it by the sounds of it?


Posts: 991   +39
One more reason to avoid FB completely!
In many ways they prove they really do not care about their user.
Unfortunately, like so many other areas of life, we become "dependent" for "function"
and so we "settle" and "suffer the consequences".


Posts: 9   +0
It's just plain silly for people to use free wireless connections for their personal accounts and such. Just wait until you know you're on a secure connection and you have nothing to worry about.


Posts: 2,688   +2,025
I have FF set to remove cookies on exit, plus using fasterfox to clean up after I shut FF
The reason people get their info stolen is mostly because they don't secure their computers to start with. How many times have you fixed a friends computer and find their password(s) are something simple, and they run their sessions in ADMINISTRATOR mode?

Fragrant Coit

Posts: 345   +1
Surely a better approach for all concerned would be a WPA (or even WEP) key that changes every day & is perhaps printed on the reciept?

That way it's not Open, at least 1 person needs to make a purchase and it could be marketed as a "caring" implementation. I'm in no way endorsing the Cardboard Burger or Ersatz Coffee merchants etc, but am after a mutually beneficial solution.

Or, leave it open for everyone & their dog within the broadcast radius and let the Devil sort 'em out!

Probably the latter will out.


Posts: 113   +10
I'm not sure why people are so concerned about their privacy on Facebook, and the likes, anyway. If you are worried about private information becoming public, don't post it to social networking sites. Then you don't have to worry about how good of a steward they are with your data.


Posts: 76   +2
Ranger12 said:
Eh, just avoid firefox. Easy enough.

really?......i have been using firefox ever since i discovered it some years back and i dont think i am going back though i have tried opera and chrome too.


Posts: 3,073   +97
Eh, just avoid firefox. Easy enough.

It's not a Firefox problem, you could be using any browser. It's about unsecured wireless connections and websites not adopting encrypted HTTPS connections (usually they do this for the initial login but not the entire session)


Posts: 1,372   +17
It's mind boggling that people still use free / open WiFi networks for private data in todays age. If you need to use these services on the go make sure your on an encrypted network at least and definitely in an https session.

@Fragrant Never ever use WEP encryption, it's garbage that gives people a false sense of security.


Posts: 24   +0
I don't see the point of facebook or other sites like that, and having a gazillion of "friends", i just can't wrap my head around that .


Posts: 8   +0
Public Wi-Fi does have its uses. Most people just arent aware of the hazards. Scarey but effective way to raise awareness. *clicks his link to post on Facebook from his secure home network*


Posts: 30   +0
Good thing I try as much as possible to leave out important private, and personal things. Internets a dangerous place... It's almost as bad as leaving your Credit Card info on Xbox live, and then they try to keep billing you. :mad:

I also heard it's not all that difficult to steal personal info through Xbox live accounts too.


Posts: 3,320   +2,068
It's amazing how many unsecured Wi-Fi's there are out there. From my house, when I check for wireless connections, a dozen pop-up and at least 1/4 are unsecured.

But Facebook is a mess. In their effort to attract users, they've completely ignored security options.


I just tried it. I'm sitting here at school on an unsecured connection with 20 people on laptops around me and the only thing it is picking up is my gmail login, which is https. least I don't have facebook anymore.


Posts: 51   +0
as long as you dont put anything impt on fb, youre safe from firesheep. doesn affect gmail or any other https service


Posts: 4,495   +3,325
TechSpot Elite
keep the extensions to the bare minimum and don't install stupid and useless ones. if you do that then you'll be fine. and also don't install toolbars as they are even worse than a bad written extension.