In yet another privacy debacle, social media sites like Facebook and Twitter are being hacked via public WiFi with a new Firefox extension called Firesheep, released earlier this week.
Over the last few days, the internet was lit up by reports of a security hole in the Firefox web browser that allowed anyone to hack into Facebook, Twitter, Yelp or Tumblr. A freelance programmer named Eric Butler wrote an extension to Firefox (which anyone can install) that exploits this hole by grabbing the cookies for the above-named sites as they float freely across Wi-Fi networks.
The extension, called Firesheep, takes advantage of a widely known flaw in Wi-Fi setups. When a user logs into his or her Facebook account, the social network’s servers authenticate the user via log-in and password information. Once that person is authenticated, Facebook sends a cookie to that user’s browser to enable access. After the cookie is sent, however, the connection no longer runs on a secure layer, sometimes known as the HTTPS protocol, which is essentially a persistent form of authentication.
Online banking operations, for example, only allow for persistent authentication. Facebook and Twitter, however, do not. In most situations, the lack of a continuous secure connection is not a problem, as the authentication cookie sits on the user’s browser and is not easy to hack. But on public Wi-Fi networks, these cookies are literally floating through the air, a flaw that Firesheep exploits by grabbing them and allowing anyone who has installed the Firesheep extension to access a Facebook session started by someone on any wireless network.
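For site operators, the gap described above shows up in the headers of the login response itself. The following check is an added example, not code from Firesheep or from the article; the host `social.example`, the cookie names and both sample responses are constructed for illustration.

```python
from http.cookies import SimpleCookie

# Constructed sample: headers from a successful HTTPS login at a hypothetical site.
WEAK_LOGIN_RESPONSE = [
    ("Set-Cookie", "session_id=3f9a1c; Path=/; HttpOnly"),
    ("Set-Cookie", "csrf=77ab; Path=/; Secure; HttpOnly"),
    ("Location", "http://social.example/home"),
]
# Constructed sample: the same login with the session pinned to HTTPS.
HARDENED_LOGIN_RESPONSE = [
    ("Set-Cookie", "session_id=3f9a1c; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "csrf=77ab; Path=/; Secure; HttpOnly"),
    ("Strict-Transport-Security", "max-age=31536000"),
    ("Location", "https://social.example/home"),
]

def audit_login_response(headers):
    """Return (code, detail) findings that leave a session cookie readable on open Wi-Fi."""
    findings = []
    has_hsts = False
    for name, value in headers:
        header = name.lower()
        if header == "set-cookie":
            jar = SimpleCookie()
            jar.load(value)
            for cookie_name, morsel in jar.items():
                # Without Secure, the browser also attaches the cookie to http:// requests.
                if not morsel["secure"]:
                    findings.append(("cookie-not-secure", cookie_name))
        elif header == "location" and value.lower().startswith("http://"):
            # The login was encrypted, but the session continues in cleartext.
            findings.append(("http-redirect", value))
        elif header == "strict-transport-security":
            has_hsts = True
    if not has_hsts:
        # Without HSTS, a typed or linked http:// URL still triggers a cleartext request.
        findings.append(("no-hsts", "Strict-Transport-Security header missing"))
    return findings

if __name__ == "__main__":
    for label, response in (("weak", WEAK_LOGIN_RESPONSE), ("hardened", HARDENED_LOGIN_RESPONSE)):
        print(label, audit_login_response(response))
```

The weak response yields three findings, each of which lets the session cookie travel unencrypted after an encrypted login; the hardened response yields none.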