independent and unofficial
Prince fan community
Thread started 10/25/10 7:49pm

Genesia


Ho.Lee.Crap.

Now Anyone at Your Café Can Hijack Your Facebook Account

A new Firefox extension lets anyone sharing an open wireless network at your neighborhood café or workplace easily access your Facebook, Twitter and myriad other online accounts. It's a terrifying tool designed to highlight a longstanding problem.

Seattle programmer Eric Butler's new Firesheep extension can show you a graphical list of the online accounts of everyone sharing an open wireless network with you. With one click on an icon, you're instantly logged in as them. A screenshot:

"HOLY CRAP" sums up the general Twitter reaction, as compiled by TechCrunch.

The vulnerability exploited by Firesheep has been there for years. Many major websites transmit the keys to your account — your login HTTP "cookies" — completely in the clear, with no encryption whatsoever. That's not a problem when you're on a well-secured wireless network; for example, if your local cafe uses WPA encryption on the router, you'd almost certainly be fine. The vulnerable networks are those that are totally open, as well as, possibly, networks that use the weak WEP password system. You'll typically see these types of vulnerable networks in college dormitories, cafes and restaurants, or at other businesses that never bothered to modernize their wireless infrastructure.

Vulnerable sites include Amazon, Dropbox, Facebook, Flickr, Foursquare, Google, nytimes.com, Tumblr, Twitter, Wordpress, Yahoo and Yelp. These sites could fix the problem by routing cookies through the secure HTTPS protocol. Indeed, encouraging them to do so is why Butler created Firesheep:

Websites have a responsibility to protect the people who depend on their services. They've been ignoring this responsibility for too long, and it's time for everyone to demand a more secure web.

Judging from internet reaction to Firesheep, that's already happening.

We don’t mourn artists because we knew them. We mourn them because they helped us know ourselves.
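
The fix described in the quoted article, sending login cookies only over HTTPS, can be checked from a site's own responses. The following is an added example, not part of the original post and not Firesheep code: it audits constructed Set-Cookie headers for session cookies that would cross an open network in the clear. The host names, cookie names and the name-matching heuristic are assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample responses (hypothetical hosts and cookie names).
SAMPLE_RESPONSES = [
    ("https://shop.example/login", ["session_id=abc123; Path=/; HttpOnly"]),
    ("https://mail.example/login", ["sid=def456; Path=/; Secure; HttpOnly"]),
    ("http://news.example/", ["auth=ghi789; Path=/", "theme=dark; Path=/"]),
]

# Assumption: cookie names containing these fragments carry login state.
SESSION_HINTS = ("sess", "sid", "auth", "token", "login")


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, lower-cased attribute dict)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit(responses):
    """Return findings for session cookies readable by a listener on open Wi-Fi."""
    findings = []
    for url, headers in responses:
        parts = urlsplit(url)
        for header in headers:
            name, _, attrs = parse_set_cookie(header)
            if not any(hint in name.lower() for hint in SESSION_HINTS):
                continue  # preference cookies and the like are out of scope
            if parts.scheme != "https":
                findings.append((parts.hostname, name, "set over plain HTTP"))
            elif "secure" not in attrs:
                # Without Secure the browser also attaches it to http:// requests.
                findings.append((parts.hostname, name, "missing Secure attribute"))
    return findings


if __name__ == "__main__":
    for host, name, reason in audit(SAMPLE_RESPONSES):
        print(f"{host}: cookie '{name}' exposed ({reason})")
```

A cookie set at an HTTPS login page but lacking the Secure attribute is still flagged, because the browser will send it again on any later plain-HTTP request to the same host.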
Reply #1 posted 10/25/10 7:52pm

Efan


The Amazon security breach scares me more. So if I were signed in, someone could place an order under my account? Not cool.

Reply #2 posted 10/25/10 11:55pm

squirrelgrease


If prince.org were to be made idiot proof, someone would just invent a better idiot.
Reply #3 posted 10/26/10 12:57am

PunkMistress


squirrelgrease said:

The fix for now: https://addons.mozilla.or...don/12714/

Installed!

Thanks!

It's what you make it.
Reply #4 posted 10/26/10 5:24am

wildgoldenhoney

squirrelgrease said:

The fix for now: https://addons.mozilla.or...don/12714/

Need this since I have to search for connections!
