First note that I’m not sharing this so you can hack other users’ Facebook or Twitter accounts. This is for informational purposes only and to warn users of social networking sites about the risks they face when accessing those unsecured websites through public Wi-Fi hotspots.
There’s a new Firefox extension called Firesheep (thanks Eric Butler) that will sniff for logged-in users on specific websites, including Facebook and Twitter, allowing Firesheep users to gain access to the accounts of users on the same Wi-Fi network. The extension makes this kind of hacking even easier: it requires no programming skills, only adding the extension to the Firefox browser. It works by exploiting session cookies that websites leave vulnerable. It supports both Mac and PC.
It’s extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable. HTTP session hijacking (sometimes called “sidejacking”) is when an attacker gets a hold of a user’s cookie, allowing them to do anything the user can do on a particular website. On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy.
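As an added example (not part of the original post and not Firesheep code), the Python check below audits a site's response headers for the weakness described above: a session cookie issued over plain HTTP, or over HTTPS without the `Secure` attribute. The URLs, header values and the cookie name `session_id` are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample responses (not captured traffic); "session_id" is a made-up cookie name.
LOGIN_ONLY_HTTPS = ("https://example.test/login",
                    [("Set-Cookie", "session_id=abc123; Path=/; HttpOnly")])
PLAIN_HTTP = ("http://example.test/home",
              [("Set-Cookie", "session_id=abc123; Path=/")])
HARDENED = ("https://example.test/login",
            [("Set-Cookie", "session_id=abc123; Path=/; Secure; HttpOnly"),
             ("Strict-Transport-Security", "max-age=31536000")])


def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names) for one Set-Cookie value."""
    first, *attrs = [part.strip() for part in value.split(";")]
    name = first.split("=", 1)[0]
    return name, {a.split("=", 1)[0].lower() for a in attrs if a}


def audit_response(url, headers):
    """List the ways cookies from this response can end up on the network unencrypted."""
    findings = []
    https = urlsplit(url).scheme == "https"
    header_names = {key.lower() for key, _ in headers}
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if not https:
            findings.append(f"{name}: set over plain HTTP")
        elif "secure" not in attrs:
            findings.append(f"{name}: missing Secure, also sent on HTTP requests")
    if https and "strict-transport-security" not in header_names:
        findings.append("no HSTS header, browser may still use plain HTTP")
    return findings


if __name__ == "__main__":
    for label, (url, headers) in [("login-only HTTPS", LOGIN_ONLY_HTTPS),
                                  ("plain HTTP", PLAIN_HTTP),
                                  ("hardened", HARDENED)]:
        print(label, "->", audit_response(url, headers) or "no findings")
```

The first sample models a site that encrypts only the login: the cookie is issued over HTTPS, but without `Secure` the browser attaches it to every later plain-HTTP request on the open network.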
To see how Firesheep works and how vulnerable users on public Wi-Fi hotspots are, take a look at this video below.
This is a reminder to take extra care when accessing unsecured (non-HTTPS) websites on public Wi-Fi hotspots.