Now Anyone at Your Café Can Hijack Your Facebook Account

Now Anyone at Your Café Can Hijack Your Facebook Account

www.datelinezero.com

This Firesheep extension can show you a graphical list of the online accounts of everyone sharing an open wireless network with you. With one click on an icon, you’re instantly logged in as them.
...
.. the Firefox add-on is actually exploiting a problem that has been known to exist for a decade.
Until recently, the security loophole has been used by people with the knowledge and experience to exploit it. But this tool allows anyone to easily brows your personal information ...

(visit the link for the full news article)


Related News Links:
codebutler.com
techcrunch.com
www.guardian.co.uk

Eric Butler is the guy who made Firesheep, which allows anyone with the most remedial skills to "sidejack" vulnerable websites using your login info. He says he made the Firefox extension to force the long-neglected security flaws to be addressed.

This is a pretty controversial way to force the issue, though. Like Wikileaks -- leaking classified documents to force the conversation about the consequences of the war -- Butler is going to have his enemies.

A quote from him: "Websites have a responsibility to protect the people who depend on their services. They’ve been ignoring this responsibility for too long, and it’s time for everyone to demand a more secure web."

I linked to Butler's website in the additional news links section.

www.datelinezero.com
(visit the link for the full news article)

Thing is, is not that easy to implement now a secure encryption routine in all of the servers.
Security has to be the last thing that mark z was thinking when he was first building facebook in php

I don't see why they target Facebook on this article. This type of exploit can be used on many websites, including ATS.

Maybe the tool is specifically designed for Facebook, I don't know, but the exploit they take advantage of is possible on multiple websites.

reply to post by mother1138


You know what their response is going to be?

"You want a more secure web? Well great. We'll give it to you when you buy into Internet 2.0 and subscribe to our website for $5 a month."

Now this can happen?

Anyone has been able to do this with freely available tools for the past half-decade or so. This is nothing new; it's just in a shiny new package.

reply to post by mother1138


Like the article says this security loop-hole has been around for a while. Honestly though I don't see how it could surprise anyone. Imagine purposefully leaving your wallet out in the middle of a public place with all your personal information in it and all someone has to do is flip it open and look inside. Now whose fault is it when curiosity or greed gets the best of someone and they actually take a look at that wallet? My point: Be mindful of your online privacy and security and don't be dumb enough to use public wifi hotspots/Networks if you're doing something that involves personal information.

reply to post by Highground


But just as buffer overflows need working exploits to ensure future fixes, so too must the theatre continue with the mitm as well

Well, seems somebody found a fix for this pretty quickly.

Protect yourself from Firesheep

Firesheep banks on the fact that most social sites default to the HTTP protocol because it’s quicker. The already existing Firefox extension Force-TLS attempts to circumvent this by forcing those sites to use the HTTPS protocol, therefore making user cookies invisible to Firesheep.

Anytime you’re using an open Wi-Fi connection, anyone can swiftly access some of your most private, personal information and correspondence (i.e. direct messages, Facebook mail/chat)— at the click of a button.

Why I never use public wifi; and still prefer wired connections.

All that information being thrown about in the air above us will, in reality, never be safe. (Not that you should be browsing private information in public anyway)