Scary but unsurprising

At the Toorcon 12 security conference, Ian Gallagher and Eric Butler presented Hey Web 2.0: Start protecting user privacy instead of pretending to. Eric Butler released a free open-source tool and Firefox browser addon called Firesheep. Now any person, or idiot, can use Firesheep to scan local Wi-Fi networks and find users who are logged into Facebook, Twitter, Amazon, Google, FourSquare, Dropbox, Hacker News, Windows Live, Cisco, Evernote, WordPress, Flickr, bit.ly and many other services. There is a list of sites that Firesheep will sniff and hijack.

Butler blogged “On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy….When it comes to user privacy, SSL is the elephant in the room.”

– “Firesheep addon allows the clueless to hack Facebook, Twitter over Wi-Fi

I kind of like this. It brings attention to the insecurity of WiFi connections. I wonder if this will get big enough that anything will actually change. It seems to have worked on Hotmail already.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s