Let me introduce you to a Firefox addon called FireSheep. What FireSheep does is it hi-jacks other peoples session and lets you use it. For instance close to all sites on the web store cookies on their servers. Now I am not talking about the chocolate chip type of cookies.
Nope, these cookies save your preferred settings for sites, while other cookies have your username and password on them.
To break into someone's account just open up FireSheep, click ‘Start Capturing’ and it will list all the users in your network that are currently logged on. For instance sites like Gmail, Yahoo and Facebook will most likely appear.
So all you would have to do to is double click on a name or icon in FireSheep and I can access your account. All I did was steal your cookies and tricked the site into allowing me to log in.
From here I can do what ever I want. Post on your wall, message someone, or if I wanted even change your password. All this without me ever knowing what your password was and without leaving a trace.
Now before you go bashing on FireSheep, the creator of made it to warn sites like Facebook to cover holes in the sites and to stop HTTP session hi-jacking. Even though people might use it for wrong, that was not the original intention for it.
Nope, these cookies save your preferred settings for sites, while other cookies have your username and password on them.
To break into someone's account just open up FireSheep, click ‘Start Capturing’ and it will list all the users in your network that are currently logged on. For instance sites like Gmail, Yahoo and Facebook will most likely appear.
So all you would have to do to is double click on a name or icon in FireSheep and I can access your account. All I did was steal your cookies and tricked the site into allowing me to log in.
From here I can do what ever I want. Post on your wall, message someone, or if I wanted even change your password. All this without me ever knowing what your password was and without leaving a trace.
Now before you go bashing on FireSheep, the creator of made it to warn sites like Facebook to cover holes in the sites and to stop HTTP session hi-jacking. Even though people might use it for wrong, that was not the original intention for it.
No comments:
Post a Comment