Hacking Facebook and Twitter Accounts Possible with Firesheep Firefox Extension

First, note that I’m not sharing this so you can hack other users’ Facebook or Twitter accounts. This is for informational purposes only and to warn users of social networking sites about the risks they face when accessing those unsecured websites through public Wi-Fi hotspots.

There’s a new Firefox extension called Firesheep (thanks Eric Butler) that sniffs for logged-in users on specific websites, including Facebook and Twitter, allowing Firesheep users to gain access to the accounts of people on the same Wi-Fi network. The extension makes this kind of hacking even easier: it requires no programming skills, only adding the extension to the Firefox browser. It works by exploiting website cookies left vulnerable. It supports both Mac and PC.

It’s extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable. HTTP session hijacking (sometimes called “sidejacking”) is when an attacker gets a hold of a user’s cookie, allowing them to do anything the user can do on a particular website. On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy.
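The gap described above, seen from the site operator's side: this is an added example (not from the original post or from Firesheep) that audits response headers for session cookies a listener on open Wi-Fi could read. The `social.example` URL, the cookie values and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, attribute dict)."""
    first, *attrs = [part.strip() for part in value.split(";")]
    name, _, _ = first.partition("=")
    parsed = {}
    for attr in attrs:
        key, _, val = attr.partition("=")
        if key:
            parsed[key.strip().lower()] = val.strip()
    return name.strip(), parsed

def audit_response(url, headers):
    """Return findings for cookies that can end up on the network in cleartext."""
    scheme = urlsplit(url).scheme.lower()
    findings = []
    hsts = any(k.lower() == "strict-transport-security" for k, _ in headers)
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if scheme != "https":
            findings.append(f"{name}: set over plain HTTP, visible on the network")
        elif "secure" not in attrs:
            # Login was encrypted, but the cookie rides along on later HTTP requests.
            findings.append(f"{name}: no Secure attribute, sent on any later HTTP request")
    if scheme == "https" and not hsts:
        findings.append("no Strict-Transport-Security header, browser may still use HTTP")
    return findings

# Constructed sample responses (not captured from any real site).
WEAK_LOGIN = ("https://social.example/login", [
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
])
HARDENED_LOGIN = ("https://social.example/login", [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
])

if __name__ == "__main__":
    for label, (url, headers) in (("weak", WEAK_LOGIN), ("hardened", HARDENED_LOGIN)):
        print(label, audit_response(url, headers) or "no findings")
```

The weak response is the case the paragraph describes: the login itself is encrypted, yet the session cookie is still exposed as soon as the browser makes any unencrypted request to the same site.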

To see how Firesheep works and how vulnerable users on public Wi-Fi hotspots are, take a look at this video below.

This is basically a reminder to take extra care when accessing unsecured (non-HTTPS) websites over public Wi-Fi hotspots.

Bert Padilla
