Firesheep sniff tool prompts Facebook warning


Social networking site Facebook has advised users to take care when using open Wi-Fi networks following the publication of a tool that will allow a hacker to hijack a user's browser session.

The tool, called Firesheep, allows people to intercept cookies and impersonate users of a number of sites, including Facebook and Twitter, according to its developer Eric Butler.

Facebook said on Wednesday that it had an ongoing project to encrypt user sessions using Secure Sockets Layer (SSL), an encryption protocol that is a precursor to Transport Layer Security (TLS).

"We have been making progress testing SSL access across Facebook and hope to provide it as an option in the coming months," said the company in a statement. "As always, we advise people to use caution when sending or receiving information over unsecured Wi-Fi networks."

Firesheep is an extension to the Firefox browser. According to security company F-Secure, the tool scans local Wi-Fi networks and compiles a list of users who are logged into Facebook, Twitter, Google, Amazon, Dropbox, Evernote, WordPress, Flickr, bit.ly and other services, by icon and username. By clicking on the icon and username, a hacker can hijack the session, and effectively take over the online persona of the victim.

"Will Firesheep be misused? Absolutely," said F-Secure chief research officer Mikko Hypponen in a Monday blog post. "Will it cause some of the above sites to go fully SSL? We hope so. Gmail did it earlier this year."

Amazon.co.uk had not responded to a request for comment at the time of writing.
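
The condition Firesheep relies on, a login cookie that travels over unencrypted HTTP, can be checked from the site operator's side. The following is an added example, not part of the original article or of Firesheep: it audits one response's headers for session cookies that lack the Secure attribute and for a missing HSTS header. The URL, header values and cookie names are constructed, and which cookies count as session cookies is an assumption supplied by the caller.

```python
# Added example: flags session cookies a browser would send over plain HTTP.
# Header values, URL and cookie names below are constructed sample data.

def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, set of lowercased attribute names)."""
    first, *attrs = [part.strip() for part in value.split(";")]
    name = first.split("=", 1)[0].strip()
    return name, {a.split("=", 1)[0].strip().lower() for a in attrs if a}


def audit_response(url, headers, session_cookies):
    """Return a list of (cookie-name-or-None, finding) for one HTTP response.

    url             -- URL that produced the response
    headers         -- list of (header-name, value) pairs
    session_cookies -- names of cookies that authenticate the user (assumption)
    """
    findings = []
    over_tls = url.lower().startswith("https://")
    header_names = {key.lower() for key, _ in headers}
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(value)
        if cookie not in session_cookies:
            continue  # preference cookies etc. do not grant a session
        if not over_tls:
            findings.append((cookie, "issued over unencrypted HTTP"))
        if "secure" not in attrs:
            findings.append((cookie, "no Secure attribute: also sent on http:// requests"))
    if over_tls and "strict-transport-security" not in header_names:
        findings.append((None, "no HSTS header: browser may still make http:// requests"))
    return findings


# Constructed responses: login happens over TLS, but in WEAK the session
# cookie is not marked Secure, so later http:// requests carry it in clear text.
WEAK = [("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
        ("Set-Cookie", "lang=en; Path=/")]
HARDENED = [("Set-Cookie", "session_id=abc123; Path=/; HttpOnly; Secure"),
            ("Strict-Transport-Security", "max-age=31536000")]

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_response("https://example.test/login", hdrs, {"session_id"}))
```

A site that encrypts only its login page typically produces the WEAK result: the password is protected, but the session cookie that follows it is not.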


Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.


Talkback

1 comment
  • So the question begs: who made this extension, and what was their motive?
    CA-aba1d