Whenever you connect to an unsecured WiFi network, you’re taking a chance, but now it’s easier than ever for someone to gain access to all of your social network login information. A new Firefox extension called Firesheep makes it simple for anyone to see that you’re connected to the network, grab your login information for any number of social networks, and take over your online identity.
Without this, hacking your account over an unsecured wireless network may not be rocket science, but it surely isn’t the one-click magic made possible by Firesheep.
Firesheep takes advantage of unsecured wireless networks and unencrypted cookies to “sidejack”, or gain access to sites by way of accessing these cookies. Developed by Eric Butler, a freelance web application and software developer in Seattle, Washington, Firesheep was created and released at Toorcon 12 to demonstrate the security risk inherent in storing unencrypted login data in cookies. As Butler writes on his blog, “On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy.”
Firesheep opens a sidebar in Firefox that shows everyone who is connected to a certain unsecured WiFi network. With a single click, you can connect to most any social network using that person’s user name and password.
By making it this easy to hack other users accounts, Butler says that he is hoping the extension will force major sites like Twitter or Facebook to act responsibly and protect their users.
“Websites have a responsibility to protect the people who depend on their services,” writes Butler. “They’ve been ignoring this responsibility for too long, and it’s time for everyone to demand a more secure web. My hope is that Firesheep will help the users win.”