Firefox Extension Firesheep Puts Website Login Info at Risk

VIDEO: Advertisers track your Web habits and create a profile tied to your Facebook ID.
Share
Copy

You might want to think twice before logging into Facebook , Twitter or countless other websites from an open Wi-Fi network.

According to Seattle-based software developer Eric Butler, if you sign into some of the Web's most popular site's through unsecured Wi-Fi networks (such as those available at airports and coffee shops), hackers could easily spy on you and steal your password information.

VIDEO: Advertisers track your Web habits and create a profile tied to your Facebook ID.
Facebook Apps Disclose User Info

To show Internet users and websites the severity of this privacy hole, Butler created a free Firefox Web browser extension that, once downloaded, lets users hijack others' user information themselves.

Called Firesheep, the program lets users see who is connecting to the Internet through an unsecured Wi-Fi network. Once someone connects to an open Wi-Fi network, the program shows the person's name and photograph.

Just double-click on someone's name and - voila! – you're instantaneously signed in as them. If a person is using Facebook over an unsecured WI-Fi network, with Firesheep's help, you could go into their account, change their password, check out their profile, interact with their friends and more.

VIDEO: Facebook App Security Concern
Facebook App Security Concern

Firesheep Exposes Facebook, Twitter Login Over Open Wi-Fi Networks

Butler did not immediately respond to a request for comment from ABCNews.com. But in a blog post on Firesheep, he said the program exploits a security flaw related to browser cookies.

When a user signs into a website with a username and password, the server searches for an account that matches the information. Once the server finds the matching account, it sends the user a cookie that the Web browser uses for the rest of the online session. But though the initial login is encrypted by the website, everything that follows is not, Butler said.

Over public Wi-Fi networks, hackers can easily use the unprotected cookies to spy on the connection and sniff out login information, he said.

VIDEO: Online media companies collect data on teens and sell it to advertisers.
Online Media Companies Collect Cookies From Teen Users

"This is a widely known problem that has been talked about to death, yet very popular websites continue to fail at protecting their users. The only effective fix for this problem is full end-to-end encryption, known on the web as HTTPS or SSL," Butler said. Websites have a responsibility to protect the people who depend on their services. They've been ignoring this responsibility for too long, and it's time for everyone to demand a more secure web. My hope is that Firesheep will help the users win."

Security Expert: Public Wi-Fi Like Public Restrooms

Aaron Higbee, co-founder and chief technology officer of security firm Intrepidus Group, said Firesheep highlights the risks associated with public Wi-Fi networks.

Facebook Changes
Facebook Changes

"I equate public Wi-Fi to a public restroom," he said. "You never know what you're going to catch and you only use it if you absolutely have to."

Open Wi-Fi hotspots may be convenient for on-the-go Internet users but, he said, most consumers probably don't realize that when they connect to an open Wi-Fi network that does not have encryption, they're basically broadcasting their online session to everyone within listening distance.

Hackers could eavesdrop on these connections before Firesheep, but with the new program, this kind of online spying is easier than ever for a layperson, he said.

"Sometimes, that's what it takes for people to realize this is something… to be concerned about," he said.

VIDEO: The social networking site launches new features to control privacy.
Facebook Gets Into 'Groups' Cleanup

Page
  • 1
  • |
  • 2
Join the Discussion
blog comments powered by Disqus
 
You Might Also Like...