Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Firefox Extension Allows Anyone to Steal Logins over Insecure Networks

25 Oct 2010   #1
malexous

Arch Linux 64-bit
 
 
Firefox Extension Allows Anyone to Steal Logins over Insecure Networks

Quote:
A newly released Firefox extension, allows virtually anyone to hijack other people's accounts on popular websites like Facebook or Twitter, when connected over open wireless networks and not using HTTPS.
...
Firefox Extension Allows Anyone to Steal Logins over Insecure Wireless Networks - Softpedia


My System SpecsSystem Spec
.
25 Oct 2010   #2
roban

Windows 7 Professional 64bit
 
 

Thanks for the heads up.
My System SpecsSystem Spec
25 Oct 2010   #3
slam

Windows 7 Professional (32-bit)
 
 

Yup, I heard about this, but there's also a counter firefox entension that prevents this. It's generally not a good idea to go on sites that require login through public unsecure networks anyway.
My System SpecsSystem Spec
.

28 Oct 2010   #4
mckillwashere

Windows 7 x86/x64, Server 2008r2, Web Server 2008
 
 
Facebook/Twitter Now Less Secure

Quote:
Hacking into someone else’s Facebook or Twitter account is now as easy as installing a browser extension. Firesheep is a new Firefox extension designed to hijack sessions belonging to 26 online services, including Amazon, Facebook, Foursquare, Google, Twitter, and Yahoo. The packet sniffing tool springs into action the moment someone logs in to any of the supported sites over an open Wi-Fi connection

Firefox Extension Hijacks Facebook and Twitter Sessions over Open Wi-Fi | Maximum PC
My System SpecsSystem Spec
28 Oct 2010   #5
Anak

Microsoft Community Contributor Award Recipient

Win 7 Home Premium 64bit Ver 6.1.7600 Build 7601 - SP1
 
 
An alert for wi-fi users....

I do not use wi-fi, and did not see anything in search about this, but I wanted anyone that does use wi-fi to be aware.
Quote:
Firesheep has made it possible for any moron to raid your Web use, but there are ways you can stop it. Here are a few of them.
More here:Five Ways to Shear Firesheep | ZDNet


GRC's take on the subject
Quote:
What any open hotspot can do to protect its users…
Instant Hotspot Protection from “FireSheep” | Steve*(GRC) Gibson's Blog

And....
Quote:
At Noon on Sunday, October 24th, 2010, during the final day of the 12th annual Toorcon Security Conference held in San Diego, two Seattle, Washington-based hackers, Eric Butler and Ian Gallagher, brought web session hijacking to the masses
Why Firesheep’s Time Has Come | Steve*(GRC) Gibson's Blog
My System SpecsSystem Spec
29 Oct 2010   #6
timofort

Windows 8.1 Professional x64
 
 

Well : it's time to extend https wider than existing secure web sites, isn't it ?

In my own country, the web customer area of my ISP was still http about 6 months ago, knowing that I authenticate it with my internet connection login and password. Do you believe it ?
My System SpecsSystem Spec
29 Oct 2010   #7
Anak

Microsoft Community Contributor Award Recipient

Win 7 Home Premium 64bit Ver 6.1.7600 Build 7601 - SP1
 
 

Quote   Quote: Originally Posted by timofort View Post
Well : it's time to extend https wider than existing secure web sites, isn't it ?

In my own country, the web customer area of my ISP was still http about 6 months ago, knowing that I authenticate it with my internet connection login and password. Do you believe it ?
Yes I believe it.
I can not find a link to verify it now, but there have been reports that wi-fi hotspot owners will harvest the log-ins to sell later to bot-net operators.

Here's F-secure's take on the subject, in a country near you:
F-Secure Weblog : News from the Lab
My System SpecsSystem Spec
29 Oct 2010   #8
lorddenis

 

open Wi-Fi connection ? that means that the one who is trying to do this has to be near your WI-FI?
My System SpecsSystem Spec
29 Oct 2010   #9
Anak

Microsoft Community Contributor Award Recipient

Win 7 Home Premium 64bit Ver 6.1.7600 Build 7601 - SP1
 
 

Hi ld,

As I said earlier, I don't work with wi-fi, but I would think there would be a range limit.

It been known that people will drive around in their cars to hunt down signals.
You can inadvertently pick up a neighbors.
My water meter is read by a person riding around in a Co. truck.
The power Co. reads my usage, and that reading is sent back through the transmission lines.

The power Co. example reminds me of DSL on the phone lines.
My System SpecsSystem Spec
08 Nov 2010   #10
JMH

Win 7 Ultimate 64-bit. SP1.
 
 
Firesheep author takes backhanded pot-shot at free speech

Quote:

Two weeks ago, an automatic session-hijacking plugin was released for Firefox. It was named Firesheep, and it's been downloaded over 600,000 times so far.

The decision to release Firesheep publicly is a controversial one. On the good side, it's reminded people that some of their common web surfing habits are dangerously insecure.

Many websites use HTTPS (secure HTTP) for login, which protects your password. But they revert to insecure HTTP for the rest of the session. After you have logged in, security relies on the browser sending a session cookie - a secret authentication token - in every request.

Websites which send session cookies in unencrypted HTTP requests are exposing your login credentials - albeit only for one session - to anyone else nearby on the network. If you're on an unencrypted WiFi connection, for example at a local coffee bar, then anyone within range of the WiFi access point can hijack your login.
Since Firesheep proves just how dangerous it is to send session cookies in insecure network packets, it is likely to push businesses such as Facebook and Twitter to adopt HTTPS as an all-session default much sooner than they might otherwise have done.
'
More -
Firesheep author takes backhanded pot-shot at free speech | Naked Security
My System SpecsSystem Spec
Reply

 Firefox Extension Allows Anyone to Steal Logins over Insecure Networks




Thread Tools





Similar help and support threads
Thread Forum
Cannot Install Windows Media Player Extension In Firefox
Well, I know this is an old problem and I overcame it once before but like the ignoramus I sometimes am I failed to bookmark or otherwise save the solution. I know it involves either creating or copying a folder from C\Program Files x86\Mozilla (Mozilla Firefox?), perhaps a plugin folder, and then...
General Discussion
firefox add-on/extension to save previous session windows/tabs ?
hi folks, does anyone know a good add-on / extension for ff which 'saves' your open windows/tabs. i tell u why. when i use ccleaner to empty the cache/clear cookies etc. and then restart ff, all my open previous windows are gone. and yes, i have enabled in tools in ff: save last open windows/tabs...
Browsers & Mail
Malware aimed at social networks may steal your reality
Malware aimed at social networks may steal your reality - Computerworld Blogs Does this bother anyone else?
Chillout Room
Looking for a Firefox extension .......
....... that opens a balloon when a word or words are highlighted. The balloon contains icons for Google, Bing and 2 or 3 other search engines. Had this installed but lost it and can't find it when searching for Add-ons. Anyone recognise it and know its name? Found another one that copies...
Browsers & Mail
Mozilla/Foxfire - Insecure Java Plugin in Firefox
Mozilla is disabling older versions of the Java Deployment Toolkit plugin for Firefox users, in a bid to block attacks against a newly-discovered Java security hole that attackers have been exploiting of late to install malicious code. Please read the rest of the story Mozilla Disables Insecure...
System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 03:44.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App