Firefox Extension Allows Anyone to Steal Logins over Insecure Networks


  1. Posts : 622
    Arch Linux 64-bit
       #1

    Firefox Extension Allows Anyone to Steal Logins over Insecure Networks


    A newly released Firefox extension allows virtually anyone to hijack other people's accounts on popular websites like Facebook or Twitter, when connected over open wireless networks and not using HTTPS.
    ...
    Firefox Extension Allows Anyone to Steal Logins over Insecure Wireless Networks - Softpedia


  2. Posts : 284
    Windows 7 Professional 64bit
       #2

    Thanks for the heads up.


  3. Posts : 20
    Windows 7 Professional (32-bit)
       #3

    Yup, I heard about this, but there's also a counter Firefox extension that prevents this. It's generally not a good idea to go on sites that require login through public unsecure networks anyway.


  4. Posts : 1,849
    Windows 7 x86/x64, Server 2008r2, Web Server 2008
       #4

    Facebook/Twitter Now Less Secure


    Hacking into someone else’s Facebook or Twitter account is now as easy as installing a browser extension. Firesheep is a new Firefox extension designed to hijack sessions belonging to 26 online services, including Amazon, Facebook, Foursquare, Google, Twitter, and Yahoo. The packet sniffing tool springs into action the moment someone logs in to any of the supported sites over an open Wi-Fi connection.

    Firefox Extension Hijacks Facebook and Twitter Sessions over Open Wi-Fi | Maximum PC


  5. Posts : 5,605
    Originally Win 7 Hm Prem x64 Ver 6.1.7600 Build 7601-SP1 | Upgraded to Windows 10 December 14, 2019
       #5

    An alert for wi-fi users....


    I do not use wi-fi, and did not see anything in search about this, but I wanted anyone that does use wi-fi to be aware.
    Firesheep has made it possible for any moron to raid your Web use, but there are ways you can stop it. Here are a few of them.
    More here: Five Ways to Shear Firesheep | ZDNet


    GRC's take on the subject
    What any open hotspot can do to protect its users…
    Instant Hotspot Protection from “FireSheep” | Steve*(GRC) Gibson's Blog

    And....
    At Noon on Sunday, October 24th, 2010, during the final day of the 12th annual Toorcon Security Conference held in San Diego, two Seattle, Washington-based hackers, Eric Butler and Ian Gallagher, brought web session hijacking to the masses.
    Why Firesheep’s Time Has Come | Steve*(GRC) Gibson's Blog


  6. Posts : 22
    Windows 8.1 Professional x64
       #6

    Well: it's time to extend https wider than existing secure web sites, isn't it?

    In my own country, the web customer area of my ISP was still http about 6 months ago, knowing that I authenticate it with my internet connection login and password. Do you believe it?


  7. Posts : 5,605
    Originally Win 7 Hm Prem x64 Ver 6.1.7600 Build 7601-SP1 | Upgraded to Windows 10 December 14, 2019
       #7

    timofort said:
    Well: it's time to extend https wider than existing secure web sites, isn't it?

    In my own country, the web customer area of my ISP was still http about 6 months ago, knowing that I authenticate it with my internet connection login and password. Do you believe it?
    Yes, I believe it.
    I cannot find a link to verify it now, but there have been reports that wi-fi hotspot owners will harvest the log-ins to sell later to bot-net operators.

    Here's F-secure's take on the subject, in a country near you:
    F-Secure Weblog : News from the Lab


  8. Posts : 2,493
    Windows 7 64Bit
       #8

    Open Wi-Fi connection? That means that the one who is trying to do this has to be near your Wi-Fi?


  9. Posts : 5,605
    Originally Win 7 Hm Prem x64 Ver 6.1.7600 Build 7601-SP1 | Upgraded to Windows 10 December 14, 2019
       #9

    Hi ld,

    As I said earlier, I don't work with wi-fi, but I would think there would be a range limit.

    It's been known that people will drive around in their cars to hunt down signals.
    You can inadvertently pick up a neighbor's.
    My water meter is read by a person riding around in a Co. truck.
    The power Co. reads my usage, and that reading is sent back through the transmission lines.

    The power Co. example reminds me of DSL on the phone lines.


  10. JMH
    Posts : 7,952
    Win 7 Ultimate 64-bit. SP1.
       #10

    Firesheep author takes backhanded pot-shot at free speech



    Two weeks ago, an automatic session-hijacking plugin was released for Firefox. It was named Firesheep, and it's been downloaded over 600,000 times so far.

    The decision to release Firesheep publicly is a controversial one. On the good side, it's reminded people that some of their common web surfing habits are dangerously insecure.

    Many websites use HTTPS (secure HTTP) for login, which protects your password. But they revert to insecure HTTP for the rest of the session. After you have logged in, security relies on the browser sending a session cookie - a secret authentication token - in every request.

    Websites which send session cookies in unencrypted HTTP requests are exposing your login credentials - albeit only for one session - to anyone else nearby on the network. If you're on an unencrypted WiFi connection, for example at a local coffee bar, then anyone within range of the WiFi access point can hijack your login.
    Since Firesheep proves just how dangerous it is to send session cookies in insecure network packets, it is likely to push businesses such as Facebook and Twitter to adopt HTTPS as an all-session default much sooner than they might otherwise have done.
    More -
    Firesheep author takes backhanded pot-shot at free speech | Naked Security
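
Added example (not part of the original thread, and not any site's own code): a small response-header audit for the pattern post #10 describes, where login is served over HTTPS but the session cookie lacks the Secure attribute and so is replayed on later http:// requests. The function names, finding codes and sample headers are constructed for illustration.

```python
# Audit one HTTP response for session cookies that can travel in cleartext.
# All URLs and header values here are constructed samples, not captured traffic.

def parse_set_cookie(header_value):
    """Split a Set-Cookie value into (name, attrs); attribute names lower-cased."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_response(url, headers):
    """Return finding codes for a response; headers is a list of (name, value)."""
    findings = []
    is_https = url.lower().startswith("https://")
    for hname, hvalue in headers:
        if hname.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(hvalue)
        if not is_https:
            # Issued in cleartext: readable on an open network immediately.
            findings.append(f"{cookie}:set-over-http")
        elif "secure" not in attrs:
            # Issued over TLS, but the browser will attach it to http:// requests.
            findings.append(f"{cookie}:missing-secure")
    has_hsts = any(h.lower() == "strict-transport-security" for h, _ in headers)
    if is_https and not has_hsts:
        # Without HSTS the browser may still make plain-HTTP requests to the site.
        findings.append("site:missing-hsts")
    return findings


# Constructed sample: HTTPS login that reverts to HTTP-capable cookies afterwards.
WEAK = ("https://example.test/login",
        [("Content-Type", "text/html"),
         ("Set-Cookie", "session_id=CONSTRUCTED123; Path=/; HttpOnly")])

# Constructed sample: same login with HTTPS enforced for the whole session.
HARDENED = ("https://example.test/login",
            [("Strict-Transport-Security", "max-age=31536000"),
             ("Set-Cookie", "session_id=CONSTRUCTED123; Path=/; Secure; HttpOnly")])

if __name__ == "__main__":
    print("weak    :", audit_response(*WEAK))
    print("hardened:", audit_response(*HARDENED))
```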
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.