Seattle-based coder Eric Butler is obviously fed up with the security flaws in a lot of our favourite web applications (Twitter, Facebook and Flickr) and, after his pleas were ignored, has developed a simple Firefox app to demonstrate how weak our accounts are when accessed on unsecured public Wi-Fi.
It’s extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable. HTTP session hijacking (sometimes called “sidejacking”) is when an attacker gets a hold of a user’s cookie, allowing them to do anything the user can do on a particular website. On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy.
The Firesheep application highlights this issue by hacking into the accounts of anyone who logs into the same unsecured Wi-Fi as the user, with potentially dire consequences.
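For site owners, the weakness described above (login encrypted, everything after it in the clear) can be checked from the response to your own login request. The following is an added example, not code from Butler's article or from Firesheep; the host name, cookie name and header values are constructed samples.

```python
from urllib.parse import urlsplit


def parse_set_cookie(value):
    """Split one Set-Cookie header into (cookie name, set of lowercase attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_login_response(headers):
    """Return findings for the response to a login request that was sent over HTTPS.

    headers: list of (name, value) tuples captured from your own site.
    """
    findings = []
    has_hsts = False
    for key, value in headers:
        key = key.lower()
        if key == "set-cookie":
            cookie, attrs = parse_set_cookie(value)
            if "secure" not in attrs:
                # Without Secure the browser also sends this cookie on plain
                # http:// requests, readable by anyone on the same open network.
                findings.append(f"cookie '{cookie}' lacks Secure")
        elif key == "location" and urlsplit(value).scheme == "http":
            # The login was encrypted, but the session continues in cleartext.
            findings.append(f"redirects to cleartext {value}")
        elif key == "strict-transport-security":
            has_hsts = True
    if not has_hsts:
        findings.append("no Strict-Transport-Security header")
    return findings


# Constructed sample responses (not captured from any real site).
WEAK = [
    ("Set-Cookie", "session_id=CONSTRUCTED123; Path=/; HttpOnly"),
    ("Location", "http://www.example.test/home"),
]
HARDENED = [
    ("Set-Cookie", "session_id=CONSTRUCTED123; Path=/; Secure; HttpOnly"),
    ("Location", "https://www.example.test/home"),
    ("Strict-Transport-Security", "max-age=31536000"),
]

if __name__ == "__main__":
    for label, response in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_login_response(response))
```
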
With such technologies now firmly in the public domain, my advice to you, dear readers, regarding unsecured Wi-Fi is to STOP IT, STOP IT RIGHT NOW. One hopes the 5k+ Tweets and 10k+ Facebook Likes on Butler’s article were done securely, but moreover Trebuchet urges you to start petitioning your favourite web app for a solution pronto.
Please note: I’d be VERY careful about installing ANY software that purports to be a piece of ‘hacking’ software per se, especially one as seemingly transparent as this. You casually nefarious people have been warned.
Trebuchet accepts no responsibility for anything that happens if you’re dumb enough to try this software. Moreover we ain’t legally responsible for your actions.