Firesheep is basically a packet sniffer that can analyze all the unencrypted Web traffic on an open Wi-Fi connection between a Wi-Fi router and the personal computers on the same network. The extension waits for someone to log in to any of the 26 sites listed in Firesheep's database. When you log in to Amazon, for example, your browser's Amazon-specific cookie communicates with the site and contains personally identifying information such as your user name and an Amazon session number ID.
As your browser swaps cookie information back and forth with the Website a third party can hijack that communication and capture info including your user name and session ID. Typically, the cookie will not contain your password. But even without your password, the fact that Firesheep has snagged your session cookie means that a hacker can, at least in theory, access your account and gain virtually unrestricted access. If the hacker got your Yahoo Mail cookie they could send an e-mail, if it was Facebook they may be able to post a message and so on. Any operations that require your password, however, such as accessing your credit card information on Amazon should not be possible using Firesheep.
Protect yourself when using open wifi, by using SSL/HTTPS on your browser.
Alot of addons for auto use SSL on site for Chrome and Firefox. It may help you to not get sidejacked.
Alot of addons for auto use SSL on site for Chrome and Firefox. It may help you to not get sidejacked.
0 comment(s) to... “Firesheep”
0 comments:
Post a Comment