A Serious Horrifying Security Threat
#1
Posted 29 October 2010 - 10:21 PM
Ian Paul from PC WORLD recently posted an article about this horrifying new add-on. Here are some paragraphs of what he wrote:
- Want to hack someone else's Amazon, Facebook, Twitter or Windows Live account in just one click? A Firefox extension called Firesheep claims you can by hijacking a person's current user session over an open Wi-Fi connection.
- I tested the extension out and to my horror it works as advertised - almost that is.
- Theoretically, if I had tested this system over an unencrypted Wi-Fi network at a cafe, I should have been able to simply click on any of the accounts I saw in the Firesheep sidebar and then gain almost unrestricted access to the account.
- There's no question that Firesheep highlights an important Web browsing security flaw that could expose your account to a malicious hacker.
- Nevertheless, Firesheep, and side-jacking in general, is still a serious security threat if you happen to be using open or unprotected Wi-Fi.
- Firesheep may make it easier than ever for someone to snoop on other people over open, unencrypted Wi-Fi
One of the things that really made me furious was when Ian wrote this JAW DROPPING statement:
But it's also important to keep in mind that side-jacking has its limits. Using Firesheep is not likely to expose your user password.
So a hacker may be able to use Firesheep to take action on your behalf such as send an e-mail, post a status update, or send out a tweet. But it's unlikely that Firesheep could be used to steal your account by switching your password on you. Unless, of course, you are using a service that lets you change your password without entering the current one--a rare occurrence these days.
- What did you say, Mr. Ian Paul? Sorry!! Are you underestimating the privacy and security breach issue of some snooper logging into your accounts and taking action on your behalf? Are you serious when you said that?
Read the full article HERE:
#2
Posted 30 October 2010 - 09:14 AM
#3
Posted 30 October 2010 - 09:37 AM
#4
Posted 30 October 2010 - 03:34 PM
http://technologysuf...-york-city.html
An interesting read.
#5
Posted 30 October 2010 - 10:51 PM
Maybe the fact that Firesheep has more publicity/hype now is a good thing, maybe this time more
Wonko
#7
Posted 07 November 2010 - 10:20 PM
Microsoft responds to Firesheep cookie-jacking tool
The Firesheep developers continue to be under fire for releasing their cookie-jacking plug-in. However, in doing so they have already made Microsoft promise that it will fully convert its Hotmail / Windows Live email service to SSL. According to a report from the US news web site Digital Security, the services are to be converted before the end of November.
Read more HERE, and HERE.
#8
Posted 07 November 2010 - 10:33 PM
"Microsoft promise that it will fully convert its Hotmail / Windows Live email service to SSL"
Hotmail was not supporting SSL in 2010?
#9
Posted 07 November 2010 - 10:37 PM
"Hotmail was not supporting SSL in 2010?"
According to George Ou, he said:
UPDATE 11/4/2010 – Unfortunately, Microsoft confirmed that SSL will be optional and not the default setting which means the vast majority of customers will not be running SSL. Hopefully they’ll at least fix the cookie theft issue by default, and then consider the almost nonexistent overhead of maintaining SSL browsing for all Hotmail customers. All the hard work of setting up the SSL session during the initial authentication phase was already done.
Read More HERE
#10
Posted 07 November 2010 - 10:46 PM
#11
Posted 07 November 2010 - 11:06 PM
#12
Posted 11 November 2010 - 08:46 PM
Read more updates about this subject by Tony Bradley, from PCWorld, HERE
#13
Posted 16 November 2010 - 12:42 AM
Yep, wireless cookie stealing is not really news; sessionthief, surfjack, wifizoo and the like have been around for years.
Maybe the fact that Firesheep has more publicity/hype now is a good thing, maybe this time more ~~morons~~ inexperienced users will start being more careful....
Wonko
Thank you Wonko,
Yes, actually, while sniffing/stealing session credentials is nothing new, the Firesheep plug-in was developed by security researchers in the first place to highlight how insecure public WiFi networks can be. Mission accomplished, yes. But unfortunately the tool works quite well, and it's free for the public to download and use, and its public availability places a relatively powerful snooping tool in anyone's hands that, as I said, requires virtually no hacking skills whatsoever. This tool exposed this capability to the masses by automating the process, so that absolutely everyone with no technical know-how can simply log on to your bank account or your Facebook or Hotmail or anywhere you are using your user name and password and act on your behalf, while you are sitting quietly sipping your morning coffee, and you don't know what the other kid next to you is doing on your behalf!!
And unfortunately it's quite difficult to defend against Firesheep because most sites only permit SSL connections during the initial log in, not while surfing, so while your user name and password are encrypted, your session ID is not, and it's available to all other machines on the same network, and as I mentioned, that kid next to you in Starbucks can act on your behalf on any account you are logged in on your machine!
The good news now is coming from the Zscaler research team: they invented a Firefox add-on they called BlackSheep. BlackSheep won't secure your wireless data, and it won't prevent your information from being snooped by Firesheep per se, but it will alert you when Firesheep is in use on the network you're connected to so that you're aware, and it also shows you his IP address, so it's up to you to call the cops then and let them catch this snooper kid red handed.
Here is all the info you need:
BlackSheep
==========
Version: 1.3
License Type: Free
Price: Free
Date available: Nov 12, 2010
Operating Systems: Windows XP, Windows Vista, Windows 7
Requirements: 32-bit Mozilla Firefox 3.5 or higher+ WinPcap
File Size: 3994 KB
Author: Zscaler
Download WinPcap from HERE
Download BlackSheep from HERE
Here is a YouTube video link of both (Firefox-Sheeps) in action:
http://www.youtube.c...layer_embedded#!
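An added example, not part of the original post: a site-owner check for the weakness described above, where the login runs over SSL but the session cookie can later travel in the clear. The host names, cookie names, sample responses and the `SESSION_HINTS` naming heuristic are all constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed login responses: one site drops back to HTTP, one stays on HTTPS.
SAMPLE_RESPONSES = [
    {
        "url": "https://mail.example.test/login",
        "headers": [
            ("Set-Cookie", "SESSIONID=constructed-value-1; Path=/; HttpOnly"),
            ("Set-Cookie", "prefs=lang-en; Path=/"),
            ("Location", "http://mail.example.test/inbox"),
        ],
    },
    {
        "url": "https://shop.example.test/login",
        "headers": [
            ("Set-Cookie", "sid=constructed-value-2; Path=/; Secure; HttpOnly"),
            ("Strict-Transport-Security", "max-age=31536000"),
            ("Location", "https://shop.example.test/account"),
        ],
    },
]

SESSION_HINTS = ("sess", "sid", "auth", "token")  # assumed naming heuristic


def parse_set_cookie(value):
    """Return (name, set of lower-cased attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
    return name, attrs


def audit_response(resp):
    """List findings that leave a session cookie readable on an open network."""
    findings = []
    headers = [(k.lower(), v) for k, v in resp["headers"]]
    for key, value in headers:
        if key == "set-cookie":
            name, attrs = parse_set_cookie(value)
            # Without Secure, the browser also sends the cookie over plain HTTP.
            if any(h in name.lower() for h in SESSION_HINTS) and "secure" not in attrs:
                findings.append(f"cookie {name} lacks Secure")
        elif key == "location" and urlsplit(value).scheme == "http":
            findings.append("post-login redirect downgrades to http")
    has_hsts = any(k == "strict-transport-security" for k, _ in headers)
    if urlsplit(resp["url"]).scheme == "https" and not has_hsts:
        findings.append("no Strict-Transport-Security header")
    return findings
```

An empty list means the login response keeps the session cookie on encrypted connections only; any finding means the session ID can still cross the network unencrypted after login.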
#14
Posted 16 November 2010 - 03:26 PM
#15
Posted 16 November 2010 - 07:06 PM
You might find this article by Steven Andrés, of PC World, useful to you and an answer to your concerns.
#16
Posted 25 November 2010 - 02:25 PM
Read the full story by John P. Mello Jr., from PCWorld HERE.
Official download link of the HTTPS-EVERYWHERE tool HERE
#17
Posted 25 November 2010 - 10:56 PM
#18
Posted 26 November 2010 - 12:21 PM
"If you set your wireless network with WPA2-Personal would Firesheep still be a problem?"
Nope, you'd be safe from it.
"A new tool has been released today"
A new version of the tool, the tool has been available since at least July.
#19
Posted 05 December 2010 - 02:17 AM
AlwaysVPN uses Virtual Private Networking technology to encrypt all of your communications, and it's especially useful for those who connect at public Wi-Fi hot spots, where all communications are in the open and not encrypted.
Read more from Preston Gralla of PC WORLD HERE