FireSheep exposes risk of sending data to non-SSL websites
by Jago Maniscalchi // October 25, 2010 // Exploits and Malware
It’s no secret that Web sessions that use the bare HTTP protocol to transmit and receive data are susceptible to a variety of security attacks. What’s less clear is how much information is floating out there in the ether, especially with the rise of “Web 2.0” and rich social networking applications and other Web-based sharing tools.
But now a pair of researchers have created a tool to identify and capture the social networking sessions of those around you. The tool, a Firefox browser extension dubbed “Firesheep,” was demonstrated at the ToorCon Hacking Conference in San Diego on Sunday. Its primary purpose is to underscore the lack of effective transaction security for many popular social networking applications, including Facebook, Twitter, Flickr and iGoogle. It allows users to browse public Wi-Fi networks for active social networking sessions using those services, then take them over using a built-in “one-click” session hijacking feature.
Read more at ThreatPost.


