Firefox Extension Allows Anyone to Steal Logins over Insecure Networks

Fayla · 08 Nov 2010

Really, you should never visit important web sites that require login or shop online while your computer is connected to an unsecured wifi hot spot.

...I installed a counter Firefox addon for this after hearing about it and it just forced TLS on certain web-sites-- and that produced errors in my browser, as some sites rejected the TLS connection outright.

But I did realize something, if you have the noscript addon installed, you don't need an additional addon to stop this. Simply by going into the options of noscript > Advanced > HTTPS, you can define which web-sites you want to force a SSL connection on and even have Firefox encrypt all the cookies you send over SSL for certain web-sites (in case you drop out of secure mode for some reason.)

Tepid · 08 Nov 2010

This is not going to change much of anything.

The largest majority of users on the Net are not security conscious. If they were, there would be far fewer Virus/Malware/Spyware issues than there are.

Sorry, people in general don't give a crap as long as they can login at a starbucks for free and get their latte.
And as for Facebook and the ilk (i mean like), those people are even dumber.
Why do I say that? Simple.

When people insist on continuing to use a site that has a habit of marking all of your private data not private till you go in and change it, leaving it wide open for all to see? Your an idiot. And you deserve what you get. Sorry if that is too blunt for some, but facts are facts. It's a completely stupid thing to continue using such site. And if you are doing it? Well, as they say, "If the shoe fits."

Borg 386 · 09 Nov 2010

Derek Schauland took the Firesheep extension for Firefox out for a spin, and discovered how easy it makes stealing credentials on open wireless networks. Here is his take on how to protect yourself.

Read more

Hacking made easy: Protecting yourself from the Firesheep extension | IT Security | TechRepublic.com

Fayla · 10 Nov 2010

It's more like what can these major web-sites do to protect their end users. Not enough sites offer encryption across the board.

Really, this is a new face to a old problem. The network we use now was designed over twenty years ago and it had the goal of open-ness in mind, not security.

SSL, TLS, certificates are nothing but patchwork to try to secure a system that was designed to be completely open and security-less.

madtownidiot · 10 Nov 2010

The best thing you can do to protect your privacy when using a laptop in a public place is to use a VPN. If you don't want to pay for a VPN service, you can create a VPN server at home or set your home computer up for remote access.

richc46 · 13 Nov 2010

Just found out about this security threat. It made me concerned and I dont even use hot spots
Firesheep In Wolves’ Clothing: Extension Lets You Hack Into Twitter, Facebook Accounts Easily

madtownidiot · 13 Nov 2010

Firesheep isn't even the half of it.. just an example made written by a skilled hacker to demonstrate one aspect of the vulnerabilities of public wifi.

jimbo45 · 14 Nov 2010

slam said:

Yup, I heard about this, but there's also a counter firefox entension that prevents this. It's generally not a good idea to go on sites that require login through public unsecure networks anyway.

?

How then do you login to an Online Bank via the Internet.

Most Banks have decent security but to reach their sites you still have to use the public internet -- so I'm confused as to what you actually mean here about logging in via public unsecure networks -- after all isn't the Internet just one gigantic public Network.

Cheers
jimbo

RJ12 · 14 Nov 2010

jimbo45 said:

slam said:

Yup, I heard about this, but there's also a counter firefox entension that prevents this. It's generally not a good idea to go on sites that require login through public unsecure networks anyway.

?

How then do you login to an Online Bank via the Internet.

Most Banks have decent security but to reach their sites you still have to use the public internet -- so I'm confused as to what you actually mean here about logging in via public unsecure networks -- after all isn't the Internet just one gigantic public Network.

Cheers
jimbo

I believe they mean unsecured WiFi Networks

swarfega · 15 Nov 2010

So is there an extension you can install to counter this? Can other extension based browsers suffer from this as well?

Firefox is getting more and more insurecure.

Firefox Extension Allows Anyone to Steal Logins over Insecure Networks

Protecting yourself from the Firesheep extension

FireFox Extension Firesheep Lets Hackers Get Into Your Social Accounts