Firesheep Firefox extension exploits Facebook and Twitter vulnerability

A developer has managed to produce a Firefox extension called Firesheep, which allows the user to garner other users' cookies through open Wi-Fi networks.

Eric Butler, the man who developed the Firesheep extension, has apparently created the tool, not for some underhand purpose, but to highlight the dangers coming from the lack of security on the web.

In a nutshell, Firesheep bolts on to Firefox and harvests cookies from sites that fail to encrypt them - gaining access through un-secure Wi-Fi networks.

As Butler states: "It's extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable".

"Sidejacking" the cookie will allow the user to do anything that the user can do within the site.

These loopholes are, apparently, similar to those that were exploited by the Google Street View cars as they passed the un-secure Wi-Fi networks in the houses it photographed.

Saying this, nothing has changed, the vulnerability has always been there - this simply highlights another security concern that people using the Internet need to consider.

What do you think? Let us know in the comments below?



>