New Firefox add-on "Firesheep" - hijacks Facebook, Twitter sessions
Oct 30, 2010
A new Firefox add-on lets "pretty much anyone" scan a Wi-Fi network and hijack others' access to Facebook, Twitter and a host of other services, a security researcher warned today.

The add-on, dubbed "Firesheep," was released Sunday by Eric Butler, a Seattle-based freelance Web application developer, at the ToorCon security conference, which took place Oct. 22-24 in San Diego. Butler said he created Firesheep to show the danger of accessing unencrypted Web sites from public Wi-Fi spots.

Although it's common for sites to encrypt user log-ons with HTTPS or SSL, few encrypt the actual traffic. "This leaves the cookie, and the user, vulnerable," said Butler in a post to his personal blog. "On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy."

With a user's cookie in hand, a criminal can do anything the user can do on a site, Butler noted. Among the sites that Fires
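
The exposure Butler describes, an HTTPS log-on followed by a session cookie that travels in cleartext, can be checked from the site operator's side by inspecting the `Set-Cookie` headers the log-on response returns. The following is an added example, not part of the original article or of Firesheep; the header values, cookie names and the `SESSION_HINTS` list are constructed assumptions.

```python
"""Audit Set-Cookie headers for cookies a browser would also send over plain HTTP."""

# Constructed sample: response headers from a hypothetical HTTPS log-on endpoint.
SAMPLE_LOGIN_RESPONSE = [
    ("Set-Cookie", "session_id=3f9c1e7a; Path=/; HttpOnly"),
    ("Set-Cookie", "auth_token=b81d44c2; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/"),
    ("Content-Type", "text/html"),
]

# Assumption: substrings that suggest a cookie carries session state; tune per site.
SESSION_HINTS = ("sess", "auth", "token", "sid")


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, attributes dict with lowercase keys)."""
    parts = [p.strip() for p in value.split(";")]
    name, _, _cookie_value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit_headers(headers):
    """Return findings for cookies lacking Secure, session-like ones first."""
    findings = []
    for header, value in headers:
        if header.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if "secure" in attrs:
            continue  # the browser only attaches this cookie to HTTPS requests
        session_like = any(hint in name.lower() for hint in SESSION_HINTS)
        findings.append({
            "cookie": name,
            "severity": "high" if session_like else "info",
            "reason": "no Secure attribute: sent in cleartext on http:// requests",
        })
    findings.sort(key=lambda f: f["severity"] != "high")  # stable: high first
    return findings


if __name__ == "__main__":
    for f in audit_headers(SAMPLE_LOGIN_RESPONSE):
        print(f"[{f['severity']}] {f['cookie']}: {f['reason']}")
```

A `high` finding here means the cookie issued at log-on would accompany later unencrypted requests to the site, which is the condition the article describes on open Wi-Fi.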