You might want to think twice about logging into your Facebook account or Tweeting the next time you're on a public Wi-Fi hotspot. As TechCrunch reports, a new Firefox extension called Firesheep is causing quite a stir. It allows basically anyone to harvest other users' log-in information with a simple, easy-to-use interface. In the words of the Firesheep website, "As soon as anyone on the network visits an insecure website known to Firesheep, their name and photo will be displayed. . . . Double-click on someone, and you're instantly logged in as them."
The Firesheep information page provides some interesting background information. In short, the developer seems to be taking an ends-justify-the-means approach to helping secure popular websites:
It's extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable. HTTP session hijacking (sometimes called "sidejacking") is when an attacker gets a hold of a user's cookie, allowing them to do anything the user can do on a particular website. On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy.
This is a widely known problem that has been talked about to death, yet very popular websites continue to fail at protecting their users. The only effective fix for this problem is full end-to-end encryption, known on the web as HTTPS or SSL
The extension is available free of charge for Windows and Mac OS X, and the source code can be downloaded here. You may start panicking in three, two, one...
|1. Hdfisise - $600||2. Ryszard - $503||3. Andrew Lauritzen - $502|
|4. the - $306||5. SomeOtherGeek - $300||6. Ryu Connor - $250|
|7. doubtful500 - $200||8. Anonymous Gerbil - $150||9. webkido13 - $135|
|10. cygnus1 - $126|
|Samsung docs detail Linux TRIM bug and fix||6|
|Windows 10's Solitaire games go freemium||26|
|The Tech Report Podcast live stream returns tonight||5|
|Samsung Q2 earnings fall, mobile device sales disappoint||23|
|IDC: Worldwide tablet market continues to decline||30|
|Intel updates IGP drivers for Windows 10||62|
|GeForce GTX 980 Ti cards compared||21|
|G.Skill prepares for Skylake with 4GT/s DDR4 memory||28|
|Nvidia releases GeForce 353.62 drivers for Windows 10||23|
|TL;DR: Annoying ads annoy users.||+34|