Windows 7: Firefox Extension Allows Anyone to Steal Logins over Insecure Networks
25 Oct 2010
25 Oct 2010
Yup, I heard about this, but there's also a counter Firefox extension that prevents this. It's generally not a good idea to go on sites that require login through public unsecure networks anyway.
28 Oct 2010
Facebook/Twitter Now Less Secure
Quote: Hacking into someone else’s Facebook or Twitter account is now as easy as installing a browser extension. Firesheep is a new Firefox extension designed to hijack sessions belonging to 26 online services, including Amazon, Facebook, Foursquare, Google, Twitter, and Yahoo. The packet sniffing tool springs into action the moment someone logs in to any of the supported sites over an open Wi-Fi connection
Firefox Extension Hijacks Facebook and Twitter Sessions over Open Wi-Fi | Maximum PC
28 Oct 2010
An alert for wi-fi users....
I do not use wi-fi, and did not see anything in search about this, but I wanted anyone that does use wi-fi to be aware.
Quote: Firesheep has made it possible for any moron to raid your Web use, but there are ways you can stop it. Here are a few of them.
More here: Five Ways to Shear Firesheep | ZDNet
GRC's take on the subject
Quote: What any open hotspot can do to protect its users…
Instant Hotspot Protection from “FireSheep” | Steve (GRC) Gibson's Blog
And....
Quote: At Noon on Sunday, October 24th, 2010, during the final day of the 12th annual Toorcon Security Conference held in San Diego, two Seattle, Washington-based hackers, Eric Butler and Ian Gallagher, brought web session hijacking to the masses
Why Firesheep’s Time Has Come | Steve (GRC) Gibson's Blog
29 Oct 2010
Well: it's time to extend https wider than existing secure web sites, isn't it?
In my own country, the web customer area of my ISP was still http about 6 months ago, knowing that I authenticate it with my internet connection login and password. Do you believe it?
29 Oct 2010
Quote: Originally Posted by timofort
Well: it's time to extend https wider than existing secure web sites, isn't it?
In my own country, the web customer area of my ISP was still http about 6 months ago, knowing that I authenticate it with my internet connection login and password. Do you believe it?

Yes I believe it.
I cannot find a link to verify it now, but there have been reports that wi-fi hotspot owners will harvest the log-ins to sell later to bot-net operators.
Here's F-Secure's take on the subject, in a country near you: F-Secure Weblog : News from the Lab
29 Oct 2010
Open Wi-Fi connection? That means that the one who is trying to do this has to be near your Wi-Fi?
29 Oct 2010
Hi ld,
As I said earlier, I don't work with wi-fi, but I would think there would be a range limit.
It's been known that people will drive around in their cars to hunt down signals.
You can inadvertently pick up a neighbor's.
My water meter is read by a person riding around in a Co. truck.
The power Co. reads my usage, and that reading is sent back through the transmission lines.
The power Co. example reminds me of DSL on the phone lines.
08 Nov 2010
Firesheep author takes backhanded pot-shot at free speech
Quote:
Two weeks ago, an automatic session-hijacking plugin was released for Firefox. It was named Firesheep, and it's been downloaded over 600,000 times so far.
The decision to release Firesheep publicly is a controversial one. On the good side, it's reminded people that some of their common web surfing habits are dangerously insecure.
Many websites use HTTPS (secure HTTP) for login, which protects your password. But they revert to insecure HTTP for the rest of the session. After you have logged in, security relies on the browser sending a session cookie - a secret authentication token - in every request.
Websites which send session cookies in unencrypted HTTP requests are exposing your login credentials - albeit only for one session - to anyone else nearby on the network. If you're on an unencrypted WiFi connection, for example at a local coffee bar, then anyone within range of the WiFi access point can hijack your login.
Since Firesheep proves just how dangerous it is to send session cookies in insecure network packets, it is likely to push businesses such as Facebook and Twitter to adopt HTTPS as an all-session default much sooner than they might otherwise have done.
More - Firesheep author takes backhanded pot-shot at free speech | Naked Security
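
The Naked Security passage quoted above describes sites that log in over HTTPS and then send the session cookie in plain HTTP requests. The following is an added example, not part of any post in this thread: a small Python model of which cookies a browser would attach to an http:// request, showing that a session cookie set without the Secure attribute crosses the network in cleartext. The cookie names, values and the example.test host are constructed, and the model deliberately ignores domain, path and expiry matching.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed Set-Cookie headers, as a site might return after an HTTPS login.
# Names and values are made up for this example.
LOGIN_RESPONSE_HEADERS = [
    "session_id=abc123; Path=/; HttpOnly",      # Secure attribute missing
    "csrf_token=def456; Path=/; Secure",
    "auth=ghi789; Path=/; Secure; HttpOnly",
]


def parse_set_cookie(headers):
    """Return {name: {"value", "secure", "httponly"}} for each header."""
    jar = {}
    for header in headers:
        parsed = SimpleCookie()
        parsed.load(header)
        for name, morsel in parsed.items():
            jar[name] = {
                "value": morsel.value,
                "secure": bool(morsel["secure"]),
                "httponly": bool(morsel["httponly"]),
            }
    return jar


def cookies_sent(jar, url):
    """Names of cookies a browser would attach to a request for url.

    Simplified model (assumption): only the Secure attribute is checked.
    Cookies marked Secure are withheld from http:// requests.
    """
    is_https = urlsplit(url).scheme == "https"
    return sorted(n for n, c in jar.items() if is_https or not c["secure"])


def exposed_on_http(jar, host="example.test"):
    """Cookies that would be readable by anyone capturing an HTTP request."""
    return cookies_sent(jar, f"http://{host}/home")


if __name__ == "__main__":
    jar = parse_set_cookie(LOGIN_RESPONSE_HEADERS)
    for name in exposed_on_http(jar):
        print(f"{name}: sent in cleartext over HTTP (no Secure attribute)")
```

Marking every session cookie Secure only helps if the site also serves the whole session over HTTPS, which is the all-session default the quoted article expects sites to adopt.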