Firesheep is a new Firefox plugin that makes it easy for you to hijack other people’s social network connections. Basically, Facebook authenticates clients with cookies. If someone is using a public WiFi connection, the cookies are sniffable. Firesheep uses wincap to capture and display the authentication information for accounts it sees, allowing you to hijack the connection.
Slides from the Toorcon talk.
Protect yourself by forcing the authentication to happen over TLS. Or stop logging in to Facebook from public networks.
EDITED TO ADD (10/27): To protect against this attack, you have to encrypt the entire session—not just the initial authentication.
EDITED TO ADD (11/4): Foiling Firesheep.
EDITED TO ADD (11/10): More info.
EDITED TO ADD (11/17): Blacksheep detects Firesheep.
Leave a comment