Firesheep sniff tool prompts Facebook warning

Social networking site Facebook has advised users to take care when using open Wi-Fi networks following the publication of a tool that allows a hacker to hijack a user's browser session.

The tool, called Firesheep, allows people to intercept cookies and impersonate users of a number of sites, including Facebook and Twitter, according to its developer Eric Butler.

Facebook said on Wednesday that it had an ongoing project to encrypt user sessions using Secure Sockets Layer (SSL), an encryption protocol that is a precursor to Transport Layer Security (TLS).

"We have been making progress testing SSL access across Facebook and hope to provide it as an option in the coming months," said the company in a statement. "As always, we advise people to use caution when sending or receiving information over unsecured Wi-Fi networks."

Firesheep is an extension to the Firefox browser. According to security company F-Secure, the tool scans local Wi-Fi networks and compiles a list, by icon and username, of users who are logged into Facebook, Twitter, Google, Amazon, Dropbox, Evernote, WordPress, Flickr, bit.ly and other services. By clicking on the icon and username, a hacker can hijack the session and effectively take over the online persona of the victim.

"Will Firesheep be misused? Absolutely," said F-Secure chief research officer Mikko Hypponen in a Monday blog post. "Will it cause some of the above sites to go fully SSL? We hope so. Gmail did it earlier this year."

Amazon.co.uk had not responded to a request for comment at the time of writing.

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues. Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books. Tom eventually found tha...
