It seems like every time Facebook amends its privacy policy, the web is up in arms. The truth is, Facebook’s well-publicized privacy fight is nothing compared to the vulnerability of all unsecured HTTP sites, and that includes Facebook, Twitter and many of the web’s most popular destinations.

Developer Eric Butler has exposed the soft underbelly of the web with his new Firefox extension, Firesheep, which will let you essentially eavesdrop on any open Wi-Fi network and capture users’ cookies.

As Butler explains in his post, “As soon as anyone on the network visits an insecure website known to Firesheep, their name and photo will be displayed” in the window. All you have to do is double click on their name and open sesame, you will be able to log into that user’s site with their credentials.

One word: wow.

 

It’s not hard to comprehend the far-reaching ramifications of this tool. Anytime you’re using an open Wi-Fi connection, anyone can swiftly access some of your most private, personal information and correspondence (e.g., direct messages, Facebook mail/chat) at the click of a button. And you will have no idea.

This is how it works. If a site is not secure, it keeps track of you through a cookie (more formally, a session cookie) that contains identifying information for that website. On an unsecured HTTP connection that cookie crosses the network unencrypted, so the tool can effectively grab it and let you masquerade as the user.
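A defender-side check for the exposure described above, as an added example that is not part of the original article: it reads a response's Set-Cookie headers and lists the cookies a listener on the same open network could read, either because the page was served over plain HTTP or because the cookie lacks the Secure attribute. The URL, cookie names and the name-based session heuristic are constructed assumptions.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample: headers a site might return after a successful login.
# The URL, cookie names and values are made up for illustration.
SAMPLE_URL = "https://social.example/login"
SAMPLE_HEADERS = [
    ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "auth_token=def456; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/"),
    ("Content-Type", "text/html"),
]

# Assumption: names containing these fragments identify a logged-in user.
SESSION_HINTS = ("sess", "auth", "token", "sid")


def audit_response(url, headers):
    """Return cookies a passive listener on the same network could read."""
    over_http = urlsplit(url).scheme == "http"
    findings = []
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        for cookie_name, morsel in jar.items():
            secure = bool(morsel["secure"])
            # Without Secure the browser also attaches the cookie to plain
            # http:// requests, where it crosses the Wi-Fi link unencrypted.
            if secure and not over_http:
                continue
            findings.append({
                "cookie": cookie_name,
                "session_like": any(h in cookie_name.lower() for h in SESSION_HINTS),
                "reason": "set over http" if over_http else "missing Secure",
            })
    return findings


if __name__ == "__main__":
    for f in audit_response(SAMPLE_URL, SAMPLE_HEADERS):
        level = "HIGH" if f["session_like"] else "low"
        print(f"[{level}] {f['cookie']}: {f['reason']}")
```

A finding marked session-like is the one to fix first: serve the whole site over HTTPS and set the Secure attribute on that cookie.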

 

Apparently many social network sites are not secured: beyond the big two, Foursquare and Gowalla are also vulnerable. Moreover, to give you a sense of Firesheep’s scope, the extension is built to identify cookies from Amazon.com, Basecamp, bit.ly, Cisco, CNET, Dropbox, Enom, Evernote, Facebook, Flickr, GitHub, Google, HackerNews, Harvest, Windows Live, NY Times, Pivotal Tracker, Slicehost, tumblr, Twitter, WordPress, Yahoo and Yelp. And that’s just the default setting; anyone can write their own plugins, according to the post.

Within an hour of Butler’s post appearing on Hacker News, Firesheep was downloaded more than 1,000 times and evidence of usage has already popped up on Twitter in fantastic fashion. (Disclaimer: At the time of this post, I was not in a public setting and could not fully exploit the extension; however, several users have reported success.)

<see URL for full story with images relating to attack>

 

http://techcrunch.com/2010/10/24/firesheep-in-wolves-clothing-app-lets-you-hack-into-twitter-facebook-accounts-easily/

The annual National Cybersecurity Awareness Month festivities started Monday, and a new public messaging campaign highlights this year's event.

The campaign, called "Stop. Think. Connect.", aims to empower citizens to make choices that contribute to the overall security of the internet, according to a White House proclamation issued Friday.


BBC NEWS - Google did not grab "significant" personal details when collecting data from wi-fi networks, according to the UK's Information Commissioner's Office (ICO).

The finding came after the body reviewed some of the data Google scooped up from unsecured networks.

Google said the data was "mistakenly" gathered while logging wi-fi hotspots to help with location-based services. The ICO said it would closely monitor other global investigations.


Cybercriminals are keeping their foot on the gas as the month-long World Cup soccer tournament in South Africa continues. A number of scams are underway this week to spread malware and trick users into handing over sensitive information, security researchers warned. One phishing campaign discovered this week appears to be a new take on the "Nigerian 419" scams.
