If you read the news today and yesterday, you can not have missed the security hole in Facebook . There is a vulnerability that allows you to access the accounts for all Facebook users that are connected to the same WiFi network as you. All you need is an extension for Firefox.
Update: After almost every other media talked about what the extension is called, I can also do it: it’s called the Fire Sheep , and it was developed by Code Butler .
All you have to do is install it and open it via Firefox and the menu View -> Sidebar -> Fire Sheep . This opens a window to the left of your browser and this shows all the up-logins that exist on the network.
How can this be possible? Well, when you log into Facebook sends a cookieto you with a unique ID number. This is apparently all it takes to log on. The Appendix uses the cookie to fake a login via Firefox. It does not help to turn off cookies in your browser, because the data is still sent to you.
At home, you can therefore access all the family members who are logged. If the neighbor does not have password protected their WiFi so you can connect to his network, you can access his family’s accounts. And if you have WiFi at work, you can get all logged colleagues. Not to mention the network of libraries, cafes, schools and so on.
I will not tell you where you can download the Firefox extension, but anyone can find it through Google. The supplement was developed by a firm that wants to demonstrate the security hole and we can assume that up soon to solve this.
All you have to do is install it and open it via Firefox and the menu View -> Sidebar -> Fire Sheep . This opens a window to the left of your browser and this shows all the up-logins that exist on the network.
How can this be possible? Well, when you log into Facebook sends a cookieto you with a unique ID number. This is apparently all it takes to log on. The Appendix uses the cookie to fake a login via Firefox. It does not help to turn off cookies in your browser, because the data is still sent to you.
At home, you can therefore access all the family members who are logged. If the neighbor does not have password protected their WiFi so you can connect to his network, you can access his family’s accounts. And if you have WiFi at work, you can get all logged colleagues. Not to mention the network of libraries, cafes, schools and so on.
No comments:
Post a Comment