
Another Easy Tool For Website Hackers Released: Firesheep!

Wireless security has always been a concern for anyone who uses wireless Internet, but the release of a new free Firefox plugin called Firesheep has taken paranoia about wireless security to a new level. Here’s a quick summary of how this little plugin works.

Firesheep Firefox plugin makes it easy to hack a user's Facebook account


  1. You decide to stop in to a local coffee shop with free wireless Internet. There is no WEP or WPA security so you simply find the WiFi and click connect.
  2. Now you’re sipping your coffee and happily browsing your emails, the news, and then you get a notice that you have a friend request on Facebook.
  3. You decide to head over to http://www.Facebook.com, type in your username and password, and log in.
  4. But wait… who’s that guy sitting there over in the corner on his laptop? You didn’t even notice him… but he noticed your browser just logged into Facebook! And now he simply clicks your login session and he is now logged into your Facebook account! Dooh!

Wireless security has always been a matter of heated discussion for anyone conscious of privacy risks, but now that getting into someone’s Facebook account, Twitter account, or whatever account you want is as easy as Download, Find, Click, and you’re Logged In, the topic is suddenly generating a lot of buzz again.

Apparently Butler, the plugin developer, claims he created this unsavoury tool to expose the lack of security on the web.

“Websites have a responsibility to protect the people who depend on their services. They’ve been ignoring this responsibility for too long, and it’s time for everyone to demand a more secure web. My hope is that Firesheep will help the users win,” Butler says.

Butler further explains: “As soon as anyone on the network visits an insecure website known to Firesheep, their name and photo will be displayed.”

So basically anytime you use an open WiFi connection, there’s now a chance that someone can access your most private, personal information and correspondence. If a website is not secure (that is, it does not use HTTPS), it keeps track of you through a cookie which contains identifiable information, and that cookie travels over the network unencrypted. Firesheep simply grabs these cookies and lets a user pretend to be the person with unsecured cookies.

Not concerned about someone getting into your Facebook or Twitter account? Maybe you’ll be more concerned about the fact that this Firefox plugin can also work with sites like WordPress. Essentially any website that has a non-secure login can be “hacked” with this tool.
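Site owners can check whether their own login cookies are exposed in the way described above. The following is an added example, not part of the original post and not Firesheep code; the function name, finding labels, and sample responses are constructed for illustration.

```python
from urllib.parse import urlsplit


def audit_cookies(url, set_cookie_headers):
    """Return (cookie_name, finding) pairs for cookies that anyone
    listening on an open network could read and reuse.

    url                -- the URL the response came from
    set_cookie_headers -- raw Set-Cookie header values from that response
    """
    scheme = urlsplit(url).scheme.lower()
    findings = []
    for header in set_cookie_headers:
        parts = [p.strip() for p in header.split(";")]
        name, sep, _value = parts[0].partition("=")
        if not sep or not name:
            continue  # not a name=value pair; nothing to audit
        # Attribute names are case-insensitive ("Secure", "secure", ...).
        attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
        if scheme != "https":
            # The cookie itself crossed the network unencrypted.
            findings.append((name, "cleartext-http"))
        elif "secure" not in attrs:
            # Issued over HTTPS, but the browser will also attach it to
            # any later plain-HTTP request to the same site.
            findings.append((name, "missing-secure"))
    return findings


# Constructed sample responses (hypothetical site and cookie names).
SAMPLES = [
    ("http://blog.example/wp-login.php", ["sid=abc123; Path=/; HttpOnly"]),
    ("https://blog.example/wp-login.php", ["sid=abc123; Path=/; HttpOnly"]),
    ("https://blog.example/wp-login.php", ["sid=abc123; Path=/; Secure; HttpOnly"]),
]

if __name__ == "__main__":
    for url, headers in SAMPLES:
        print(url, headers, "->", audit_cookies(url, headers) or "ok")
```

A login page that produces no findings here issues its session cookie only over HTTPS and marks it `Secure`, so the cookie is not sent in the clear on an open network.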

This is truly nasty security stuff. It makes me cringe just thinking about all the little wannabe hackers hanging around free public WiFi connections that now have an easy tool to hack people’s accounts.

But like most security issues, this is a matter of education. Here are a couple tips for those of you that continue to access public WiFi.

  1. Try to only access WiFi that has some sort of security. Preferably something like WPA with a password. (Usually the WiFi shop will publish their password on a sign somewhere). Even WPA isn’t 100% secure but at least you can eliminate all the little wannabe hackers.
  2. Next, don’t access sites with non-secure URLs. We previously wrote about how to access sites like Facebook and Twitter using HTTPS instead of their normal HTTP URLs.
