Firefox Extension Firesheep Enables Website Hijacking


A Firefox extension boasts that users can hack into someone else's Facebook, Twitter, or Windows Live account by easily hijacking their session over a Wi-Fi network.

The extension, known as Firesheep, was developed by freelance Seattle-based developer Eric Butler, who said he created the program to illustrate the vulnerability and security risks of high-profile Web applications, especially when run over unsecured Wi-Fi networks.

In particular, Butler pointed out that insecure applications open the door to HTTP session hijacking attacks. Also known as "sidejacking," HTTP session hijacking occurs when an attacker gets hold of a user's cookie, which allows the attacker to impersonate the user and gain the same online privileges on any given Website.

"On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy," Butler said in a blog post. Butler presented his findings at the Toorcon 12 security conference in San Diego.

Altogether, Firesheep targets 26 of the most widely used and most heavily trafficked applications on the Internet, including Amazon, Facebook, Foursquare, Google, Twitter, WordPress, The New York Times and Yahoo.
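
A session cookie is exposed in the way Butler describes when the browser sends it over unencrypted HTTP. The following Python audit is an added example, not code from the article or from Firesheep: it checks response headers for session cookies that lack the Secure attribute and for sites that do not send an HSTS header. The host names, cookie values and the cookie-name heuristic are constructed assumptions.

```python
# Added example: audit Set-Cookie headers for cookies exposed to sidejacking.
# All host names, cookie names and values below are constructed samples.

SAMPLE_RESPONSES = {
    "social.example": [
        "Set-Cookie: session_id=8f3a1c; Path=/; HttpOnly",
        "Set-Cookie: lang=en; Path=/",
    ],
    "bank.example": [
        "Strict-Transport-Security: max-age=31536000",
        "Set-Cookie: sid=77ab90; Path=/; Secure; HttpOnly; SameSite=Lax",
    ],
}

# Assumed naming heuristic for cookies that carry a login session.
SESSION_HINTS = ("sess", "sid", "auth", "token")


def parse_set_cookie(header_line):
    """Return (name, attribute-name set) for one Set-Cookie header line."""
    _, _, value = header_line.partition(":")
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].partition("=")[0]
    attrs = {p.partition("=")[0].lower() for p in parts[1:]}
    return name, attrs


def audit(header_lines):
    """List findings for session cookies that can travel in cleartext."""
    findings = []
    has_hsts = any(h.lower().startswith("strict-transport-security:")
                   for h in header_lines)
    for line in header_lines:
        if not line.lower().startswith("set-cookie:"):
            continue
        name, attrs = parse_set_cookie(line)
        if not any(hint in name.lower() for hint in SESSION_HINTS):
            continue  # not a session cookie under the heuristic above
        if "secure" not in attrs:
            findings.append(f"{name}: no Secure attribute, also sent over plain HTTP")
        if not has_hsts:
            findings.append(f"{name}: no HSTS header, browser may still use plain HTTP")
    return findings


if __name__ == "__main__":
    for host, headers in SAMPLE_RESPONSES.items():
        print(host, audit(headers) or "ok")
```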
