X
Tech

Firesheep sniff tool prompts Facebook warning

Social networking site Facebook has advised users to take care when using open Wi-Fi networks following the publication of a tool that will allow a hacker to hijack a user browser session.The tool, called Firesheep, allows people to intercept cookies and impersonate users of a number of sites, including Facebook and Twitter, according to its developer Eric Butler.
Written by Tom Espiner, Contributor

Social networking site Facebook has advised users to take care when using open Wi-Fi networks following the publication of a tool that will allow a hacker to hijack a user browser session.

The tool, called Firesheep, allows people to intercept cookies and impersonate users of a number of sites, including Facebook and Twitter, according to its developer Eric Butler.

Facebook said on Wednesday that it had an ongoing project to encrypt user sessions using Secure Sockets Layer (SSL), an encryption protocol that is a precursor to Transport Layer Security (TLS).

"We have been making progress testing SSL access across Facebook and hope to provide it as an option in the coming months," said the company in a statement. "As always, we advise people to use caution when sending or receiving information over unsecured Wi-Fi networks."

Firesheep is an extension to the Firefox browser. According to security company F-Secure, the tool scans local Wi-Fi networks and compiles a list of users who are logged into Facebook, Twitter, Google, Amazon, Dropbox, Evernote, Wordpress, Flickr, bit.ly and other services, by icon and username. By clicking on the icon and username, a hacker can hijack the session, and effectively take over the online persona of the victim.

"Will Firesheep be misused? Absolutely," said F-Secure chief research officer Mikko Hypponen in a Monday blog post. "Will it cause some of the above sites to go fully SSL? We hope so. Gmail did it earlier this year."

Amazon.co.uk had not responded to a request for comment at the time of writing.

Editorial standards