Every time you sit down at a coffee house, turn on your computer, logon to the free Wi-Fi connection they provide, how safe do you think you, and your online activities, are? Well, apparently not really, because most websites only encrypt sensitive data like passwords during initial login, but everything else will still be in its original form. This means that your cookies will be extremely vulnerable and a simple HTTP session hijacking can get hold of that information and do anything they want on a particular website using your account.
A web app developer has recently developed the Firesheep, a Firefox addon that allows even the most novice user to scan a Wi-Fi network and hijack other people’s Facebook, Twitter and other online accounts. All the user has to do is connect to an open Wi-Fi network, click a button and the addon will start capturing login data and displaying user details at the sidebar. If they wish to hijack a particular account, all they have to do is double-click on the name and voila! They’re in. It’s a free and open source and please don’t be happy just because you think that your Apple Mac is very secure, it works on Mac OS X too. Mozilla can very well block the application, but according to the Director of Firefox, he said that they will not be doing that because it doesn’t exploit a vulnerability in the browser itself.
More after the jump.
Ubsacc2004's Blog 