Firesheep: a Firefox extension aiding identity theft

October 26th, 2010 - 12:15 pm ET by J. G.

A developer has criticised the security of certain web sites. He has shown that, on an open WiFi network, a Firefox extension makes it possible to browse a web site under someone else’s identity.

The method, session hijacking, is nothing new, as the freelance developer Eric Butler himself concedes. But the ease of doing it with a simple Firefox extension is food for thought, if not a cause for concern.

Eric Butler has developed the Firesheep extension as an educational tool, or at least that is what he claims, so that users become aware that certain web sites are perhaps not taking their responsibility to protect users seriously.

Via Firesheep (together with WinPcap on Windows), any user can listen on an open WiFi network and capture the cookies of connections to sites such as Amazon.com, Facebook, Flickr, Google, Windows Live, Twitter, WordPress and Yahoo!. Some of these are preconfigured as examples in Firesheep.

During the login step of a web service, the exchange between the server and the user is encrypted, and the server sets a cookie in the browser so that all subsequent requests are trusted. Once the session is established, encryption is generally dropped, which leaves the cookie exposed, explains Eric Butler; this is why an HTTP session (but not an HTTPS one) can be hijacked.

When Firesheep is running on an open WiFi connection (in a public place, for example), the details of users browsing sites such as Facebook gradually appear in the left-hand panel of the window. Simply clicking on one of them gives access to the corresponding site, with the connection made under the legitimate user’s identity.

The fix, of course, is for web sites to encrypt their connections from end to end.
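As an added illustration of that fix (not code from the article or from Firesheep), the audit below inspects a site's response headers for the two conditions that let a session cookie travel in the clear: a session cookie without the Secure attribute, and no Strict-Transport-Security header forcing browsers onto HTTPS. The header lists and cookie names are constructed for the example.

```python
from http.cookies import SimpleCookie

# Constructed sample header lists (name, value), not captured from any real site.
WEAK_HEADERS = [
    ("Set-Cookie", "sessionid=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/"),
]
HARDENED_HEADERS = [
    ("Set-Cookie", "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "lang=en; Path=/"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
]

# Hypothetical list of cookie names that carry the login; adjust per application.
SESSION_COOKIE_NAMES = {"sessionid", "sid", "phpsessid", "jsessionid"}


def audit_headers(headers, session_names=SESSION_COOKIE_NAMES):
    """Return (cookie_name, problem) findings explaining why a sniffed HTTP
    session could be replayed.  An empty list means the session cookie is
    confined to TLS and the browser is told never to downgrade to HTTP."""
    findings = []
    has_hsts = any(n.lower() == "strict-transport-security" for n, _ in headers)
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)  # parse one Set-Cookie header at a time
        for cname, morsel in jar.items():
            if cname.lower() not in session_names:
                continue  # only the identity-bearing cookie matters here
            if not morsel["secure"]:  # flag is True when present, "" otherwise
                findings.append((cname, "missing Secure: sent over plain HTTP"))
    if not has_hsts:
        findings.append(("*", "no Strict-Transport-Security: HTTP requests are still allowed"))
    return findings


if __name__ == "__main__":
    for label, headers in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(label, audit_headers(headers) or "OK")
```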
