Home At a Cafe? I Can Hack Your Facebook, Twitter, Etc…With a Firefox Extension

At a Cafe? I Can Hack Your Facebook, Twitter, Etc…With a Firefox Extension

Whenever you connect to an unsecured WiFi network, you’re taking a chance, but now it’s easier than ever for someone to gain access to all of your social network login information. A new Firefox extension called Firesheep makes it simple for anyone to see that you’re connected to the network, grab your login information for any number of social networks, and take over your online identity.

Without this, hacking your account over an unsecured wireless network may not be rocket science, but it surely isn’t the one-click magic made possible by Firesheep.

Firesheep takes advantage of unsecured wireless networks and unencrypted cookies to “sidejack”, or gain access to sites by way of accessing these cookies. Developed by Eric Butler, a freelance web application and software developer in Seattle, Washington, Firesheep was created and released at Toorcon 12 to demonstrate the security risk inherent in storing unencrypted login data in cookies. As Butler writes on his blog, “On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy.”

Firesheep opens a sidebar in Firefox that shows everyone who is connected to a certain unsecured WiFi network. With a single click, you can connect to most any social network using that person’s user name and password.

By making it this easy to hack other users accounts, Butler says that he is hoping the extension will force major sites like Twitter or Facebook to act responsibly and protect their users.

“Websites have a responsibility to protect the people who depend on their services,” writes Butler. “They’ve been ignoring this responsibility for too long, and it’s time for everyone to demand a more secure web. My hope is that Firesheep will help the users win.”

Earlier today, TechCrunch pointed to Force-TLS as a potential solution. The Firefox extension allows you to force sites like Twitter or Facebook to use HTTPS. In the comments, users also pointed to a Chrome extension that has similar functionality. Many, however, pointed out that the most secure route is to set up a VPN (virtual private network) for whenever you access the Internet using unsecured wireless. Others pointed to an SSH (secure shell), which allows the secure transfer of information. At the same time, other commenters pointed out ways that these too might not be secure.

It seems that Butler has a valid point and maybe, only through making the insecurities this glaringly obvious, will the big social networks – with which we share all our daily minutiae – change their insecure ways.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.