
What is it?!?
FireSheep is an add-on extension for Firefox. It was made to prove that login credentials are obtainable via hijacking. With this very simple extension, anyone who runs it on a shared network can grab 90-99% of social media login credentials and use them to log in as an imposter. In this day of security-conscious people you would think this extension would be useless… But the statistics prove it is still usable and is still running!
Targeting?!?
Most users of social media stay logged in to the site after logging in, which keeps a cookie in their web browser in open view and not encrypted.
Potential Example?!?
A hacker enters a coffee shop and looks like a normal person working on a notebook and drinking coffee, while secretly running FireSheep in the background. While looking innocent, the hacker can grab all the social media login credentials they could ever need in one session, with no programming experience necessary, and store the data for later reference. An hour or two later the hacker exits the coffee shop and saves the captured data.
Once the hacker has obtained the social media login credentials, they can log in to the social media site and do whatever they want. They can grab more info from the captured logins, like email addresses, friends lists, hidden pictures, user comments between friends and a lot more that the social media site stores.
How to Protect Yourself?!?
The simplest way is to use the https protocol every time you use social media.
On most sites you can force https in the settings area…
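Forcing https only helps if the site never lets its session cookie travel over plain http. The following is an added example, not code from this article or from the FireSheep project: it audits a site's response headers for cookies missing the Secure attribute and for a missing or disabled HSTS header. The function names and all header values are constructed for illustration.

```python
# Added example: audit response headers for cookies that could cross a shared
# network unencrypted. Function names and sample headers are constructed.

def parse_attrs(text):
    """Parse 'a=1; b; c=2' into a dict with lower-cased keys."""
    attrs = {}
    for part in text.split(";"):
        key, _, val = part.strip().partition("=")
        if key:
            attrs[key.strip().lower()] = val.strip()
    return attrs


def audit_headers(headers):
    """Return a list of findings for (header name, value) pairs."""
    findings, has_hsts = [], False
    for name, value in headers:
        lname = name.lower()
        if lname == "strict-transport-security":
            # max-age=0 tells the browser to forget HSTS, so it does not count.
            max_age = parse_attrs(value).get("max-age", "0").strip('"')
            has_hsts = has_hsts or (max_age.isdigit() and int(max_age) > 0)
        elif lname == "set-cookie":
            pair, _, rest = value.partition(";")
            cookie = pair.split("=", 1)[0].strip()
            if "secure" not in parse_attrs(rest):
                findings.append(f"cookie '{cookie}' has no Secure attribute, so it is also sent over plain http")
    if not has_hsts:
        findings.append("no usable Strict-Transport-Security header, so the browser may still connect over plain http")
    return findings


# Constructed sample: login happens over https, but the session cookie is exposed.
WEAK = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/; Secure"),
]
# Constructed sample: the same site with cookie and transport locked to https.
HARDENED = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly; Secure; SameSite=Lax"),
]

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_headers(hdrs) or "ok")
```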
If you have to log in to the network (via WPA/2) then that should protect you against FireSheep. Remember, however, that 98% of free networks don’t use this.
The best way is to use a VPN (Virtual Private Network). No data will be leaked when using a VPN. Your network connection is protected endpoint to endpoint. It is harder to set up but well worth it… It protects you against this and many more issues not covered in this article.
Final Thoughts?!?
FireSheep can be used on a shared network. Because of this, wired networks, wireless networks and networks using both types at the same time are at risk. When someone is impersonated this way, lots of problems can arise. The types of social media sites affected are Facebook, LinkedIn, dating sites, Twitter and many more. A lot of users reuse the same passwords on many sites, and the hacker can retrieve this info for their own needs (usually up to no good)…
A quote from the creator of FireSheep is “I Released FireSheep to show that a core and widespread issue in Website Security is being Ignored”… Hopefully it will force people to log in with a higher concern for security.