Firesheep Firefox Add-On Hijacks Twitter, Facebook Over Wi-Fi | News & Opinion | PCMag.com
"If you didn't already know that plain HTTP sessions are utterly insecure, here's proof: A new Firefox addin named Firesheep captures sessions on open Wi-Fi networks and goes one step more sinister. It finds users logged into Facebook, Twitter, Google, Amazon, Dropbox, Evernote, Wordpress, Flickr, bit.ly and more, and lets you take over their sessions and become them."
It's been known for a long time that session cookies can be sniffed from open and WEP secured WiFi. But in the past it was always a bit of a hack. This IMO is a game changer as it makes it so easy for anyone to do and get into another person's Facebook, Twitter, Yahoo!, etc.
I've also found it works with wired Ethernet. as found in hotels. As long as one can sniff Ethernet packets, Firesheep will work. Solution is to always have an HTTPS connection, VPN or secure proxy.
"If you didn't already know that plain HTTP sessions are utterly insecure, here's proof: A new Firefox addin named Firesheep captures sessions on open Wi-Fi networks and goes one step more sinister. It finds users logged into Facebook, Twitter, Google, Amazon, Dropbox, Evernote, Wordpress, Flickr, bit.ly and more, and lets you take over their sessions and become them."
It's been known for a long time that session cookies can be sniffed from open and WEP secured WiFi. But in the past it was always a bit of a hack. This IMO is a game changer as it makes it so easy for anyone to do and get into another person's Facebook, Twitter, Yahoo!, etc.
I've also found it works with wired Ethernet. as found in hotels. As long as one can sniff Ethernet packets, Firesheep will work. Solution is to always have an HTTPS connection, VPN or secure proxy.
