Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Firefox Extension Allows Anyone to Steal Logins over Insecure Networks


25 Oct 2010   #1

Arch Linux 64-bit
 
 
Firefox Extension Allows Anyone to Steal Logins over Insecure Networks

Quote:
A newly released Firefox extension, allows virtually anyone to hijack other people's accounts on popular websites like Facebook or Twitter, when connected over open wireless networks and not using HTTPS.
...
Firefox Extension Allows Anyone to Steal Logins over Insecure Wireless Networks - Softpedia


My System SpecsSystem Spec
.

25 Oct 2010   #2

Windows 7 Professional 64bit
 
 

Thanks for the heads up.
My System SpecsSystem Spec
25 Oct 2010   #3

Windows 7 Professional (32-bit)
 
 

Yup, I heard about this, but there's also a counter firefox entension that prevents this. It's generally not a good idea to go on sites that require login through public unsecure networks anyway.
My System SpecsSystem Spec
.


28 Oct 2010   #4

Windows 7 x86/x64, Server 2008r2, Web Server 2008
 
 
Facebook/Twitter Now Less Secure

Quote:
Hacking into someone else’s Facebook or Twitter account is now as easy as installing a browser extension. Firesheep is a new Firefox extension designed to hijack sessions belonging to 26 online services, including Amazon, Facebook, Foursquare, Google, Twitter, and Yahoo. The packet sniffing tool springs into action the moment someone logs in to any of the supported sites over an open Wi-Fi connection

Firefox Extension Hijacks Facebook and Twitter Sessions over Open Wi-Fi | Maximum PC
My System SpecsSystem Spec
28 Oct 2010   #5

Microsoft Community Contributor Award Recipient

Win 7 Home Premium 64bit Ver 6.1.7600 Build 7601 - SP1
 
 
An alert for wi-fi users....

I do not use wi-fi, and did not see anything in search about this, but I wanted anyone that does use wi-fi to be aware.
Quote:
Firesheep has made it possible for any moron to raid your Web use, but there are ways you can stop it. Here are a few of them.
More here:Five Ways to Shear Firesheep | ZDNet


GRC's take on the subject
Quote:
What any open hotspot can do to protect its users…
Instant Hotspot Protection from “FireSheep” | Steve*(GRC) Gibson's Blog

And....
Quote:
At Noon on Sunday, October 24th, 2010, during the final day of the 12th annual Toorcon Security Conference held in San Diego, two Seattle, Washington-based hackers, Eric Butler and Ian Gallagher, brought web session hijacking to the masses
Why Firesheep’s Time Has Come | Steve*(GRC) Gibson's Blog
My System SpecsSystem Spec
29 Oct 2010   #6

Windows 8.1 Professional x64
 
 

Well : it's time to extend https wider than existing secure web sites, isn't it ?

In my own country, the web customer area of my ISP was still http about 6 months ago, knowing that I authenticate it with my internet connection login and password. Do you believe it ?
My System SpecsSystem Spec
29 Oct 2010   #7

Microsoft Community Contributor Award Recipient

Win 7 Home Premium 64bit Ver 6.1.7600 Build 7601 - SP1
 
 

Quote   Quote: Originally Posted by timofort View Post
Well : it's time to extend https wider than existing secure web sites, isn't it ?

In my own country, the web customer area of my ISP was still http about 6 months ago, knowing that I authenticate it with my internet connection login and password. Do you believe it ?
Yes I believe it.
I can not find a link to verify it now, but there have been reports that wi-fi hotspot owners will harvest the log-ins to sell later to bot-net operators.

Here's F-secure's take on the subject, in a country near you:
F-Secure Weblog : News from the Lab
My System SpecsSystem Spec
29 Oct 2010   #8

 

open Wi-Fi connection ? that means that the one who is trying to do this has to be near your WI-FI?
My System SpecsSystem Spec
29 Oct 2010   #9

Microsoft Community Contributor Award Recipient

Win 7 Home Premium 64bit Ver 6.1.7600 Build 7601 - SP1
 
 

Hi ld,

As I said earlier, I don't work with wi-fi, but I would think there would be a range limit.

It been known that people will drive around in their cars to hunt down signals.
You can inadvertently pick up a neighbors.
My water meter is read by a person riding around in a Co. truck.
The power Co. reads my usage, and that reading is sent back through the transmission lines.

The power Co. example reminds me of DSL on the phone lines.
My System SpecsSystem Spec
08 Nov 2010   #10
JMH

Win 7 Ultimate 64-bit. SP1.
 
 
Firesheep author takes backhanded pot-shot at free speech

Quote:

Two weeks ago, an automatic session-hijacking plugin was released for Firefox. It was named Firesheep, and it's been downloaded over 600,000 times so far.

The decision to release Firesheep publicly is a controversial one. On the good side, it's reminded people that some of their common web surfing habits are dangerously insecure.

Many websites use HTTPS (secure HTTP) for login, which protects your password. But they revert to insecure HTTP for the rest of the session. After you have logged in, security relies on the browser sending a session cookie - a secret authentication token - in every request.

Websites which send session cookies in unencrypted HTTP requests are exposing your login credentials - albeit only for one session - to anyone else nearby on the network. If you're on an unencrypted WiFi connection, for example at a local coffee bar, then anyone within range of the WiFi access point can hijack your login.
Since Firesheep proves just how dangerous it is to send session cookies in insecure network packets, it is likely to push businesses such as Facebook and Twitter to adopt HTTPS as an all-session default much sooner than they might otherwise have done.
'
More -
Firesheep author takes backhanded pot-shot at free speech | Naked Security
My System SpecsSystem Spec
Reply

 Firefox Extension Allows Anyone to Steal Logins over Insecure Networks




Thread Tools



Similar help and support threads for2: Firefox Extension Allows Anyone to Steal Logins over Insecure Networks
Thread Forum
Malware aimed at social networks may steal your reality Chillout Room
Looking for a Firefox extension ....... Browsers & Mail
Mozilla/Foxfire - Insecure Java Plugin in Firefox System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 08:40 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33