PDA

View Full Version : Firesheep - easily capture Facebook, twitter account details



Glass
5th November 2010, 11:07 PM
I saw an article in the print version of my local paper this morning.



Free cafe WiFi open to hacking
[size=10pt]
Internet users across Perth are being unwittingly exposed to amateur hackers when they use free WiFi networks provided by cafes and fast food outlets, including McDonald's.

In an investigation this week, The West Australian gathered a group of volunteers with wireless devices including laptops, iPhones and iPads at Subiaco cafe Mooba and asked them to use complimentary WiFi to log on to personal accounts such as Facebook, Twitter, Foursquare and Flickr.

Using a new add-on to the Mozilla Firefox browser, called Firesheep, we were able to quickly and easily take control of their accounts as they drank coffee and chatted.

Firesheep takes advantage of WiFi networks not protected with passwords, including those at more than 50 McDonald's restaurants in WA.

Firesheep is at the centre of the latest privacy backlash against social networking sites, after Seattle man Eric Butler unleashed it two weeks ago in protest against gaping holes in the security of major websites.

Mooba manager Hannah Cameron took part in the investigation and was surprised at how easy it was to effectively steal the identities of WiFi users.

"I had no idea just how bad it was," Ms Cameron said, after watching The West Australian and PC GURU managing director Jason Jordan take over Mooba's Twitter account with just a click of a button.


Here's the online version (http://au.news.yahoo.com/thewest/a/-/mp/8268693/free-cafe-wifi-open-to-hacking/).

Basically it is about a plug in for Firefox that scans packets on networks and collects the password details for Facebook, Twitter and other social networking accounts.

If the network is unsecured like a cafe Wifi network you can sit there with your laptop and scoop up peoples log in details giving you access to their accounts. Now this is not new to IT people but it is new to the morons er sheep who use those types of things.

The key thing is that it is easier than ever. The packet capture tools have been around for a long time, its the scanning of the captured data that is the difficult part and Firesheep does all of that for you. The other thing you need to have access to the network so you either know a network password or the network needs to be unsecured.

kregener
6th November 2010, 01:20 AM
I am going to immediately rush down to the local Starbuck's and post this on Facebook and then Twitter the hell out of it while eating a pasta salad and listening to a motivational cassette tape... ;)