Beware of Firesheep! It can hijack your Facebook!

Firesheep is a way to hijack your identity on popular social networks. It targets users on unsecured wireless networks, such as those in coffee shops.

For example, if you are using unencrypted WiFi access in a coffee shop and logged on to Facebook*, a person lurking and using Firesheep can assume your identity – changing your status, posting, friending, whatever.  Free WiFi is typically unencrypted.  Yow, big security hole!

This is a huge hideous security hole for Facebook* and other web sites.   People like to take their laptops and access free WiFi on the road and don’t think about being hacked.

So until these issues are resolved, be aware that if you log on to an unsecured wireless access point and access an unsecured web site, your information may be eavesdropped and you may be hacked or hijacked.

As of now, free WiFi and Facebook* as well as other social network sites are vulnerable.

How did this happen? Well, unencrypted wireless has always been insecure: everything flies over the air in clear text, so anyone can eavesdrop. Then web sites like Facebook* use cookies to make the web experience easier. Those session cookies fly over the wireless, where they can be captured and used by the hijacker/hacker to impersonate the real user. This hack combines a man-in-the-middle attack and a session cookie attack. Previously this took some hacker sophistication, but the Firesheep Firefox add-on makes this hack easy.

The ultimate solution is for these web sites to be accessed over SSL (TLS, https://). Then no one can eavesdrop. It is not computationally expensive, as Google reported after moving Gmail from http to https.
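A site-side check for the exposure described above, as an added example that is not part of the original post: it reads a response's Set-Cookie headers and reports which cookies would cross an open network unencrypted. The site name, cookie names and sample headers are constructed, and the Secure cookie attribute is a detail the post does not mention.

```python
from urllib.parse import urlsplit

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (cookie name, attribute dict)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()  # attribute names are case-insensitive
    return name, attrs

def sniffable_cookies(url, set_cookie_headers):
    """Return {cookie name: reason} for cookies an eavesdropper on open WiFi could read."""
    over_https = urlsplit(url).scheme.lower() == "https"
    findings = {}
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if not over_https:
            # The response itself travelled in clear text, so the cookie was visible.
            findings[name] = "set over plain HTTP"
        elif "secure" not in attrs:
            # Without Secure the browser also attaches the cookie to http:// requests.
            findings[name] = "no Secure attribute, also sent on any http:// request"
    return findings

# Constructed sample responses (hypothetical site and cookie names).
# Note: HttpOnly only hides a cookie from page scripts; it does nothing against sniffing.
SAMPLES = [
    ("http://social.example/login", ["session=abc123; Path=/; HttpOnly"]),
    ("https://social.example/login", ["session=abc123; Path=/; HttpOnly",
                                      "lang=en; Path=/; Secure"]),
    ("https://social.example/login", ["session=abc123; Path=/; Secure; HttpOnly"]),
]

def audit(samples=SAMPLES):
    """Run the check over every (url, Set-Cookie headers) pair."""
    return [(url, sniffable_cookies(url, headers)) for url, headers in samples]

if __name__ == "__main__":
    for url, findings in audit():
        print(url, "->", findings or "no sniffable cookies")
```

Only the third sample comes back clean: serving the login page over https is not enough if the session cookie can still ride along on a later http:// request.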

* I use Facebook as an example but other web sites are vulnerable.

For more info check out SecurityNow!

Check out Firesheep for the web sites that are vulnerable.
