What do you suppose could happen if a person with malicious intent was able to gain access to the Facebook account of a credit union CEO? What about a corporate Twitter account? There has been an old hacking technique called HTTP Session Highjacking that has recently been brought to the front of the pack with the release of Firesheep by Eric Butler, and covered by TechCrunch.
When you sign in to an online service, such as your email, online banking, Facebook, or Flickr, the website gives your computer a session cookie. Generally, the login page is secured behind an SSL certificate, meaning that the traffic is encrypted and can’t be deciphered. However, as is the case with Facebook and Flickr, once you’ve logged into the service, you browse the site over regular HTTP that is not encrypted. Firesheep is an extension for Firefox that sniffs internet traffic on a network and finds cookies from websites like Facebook. Since these cookies aren’t encrypted and you are browsing Facebook without any security, these cookies can easily be copied and a person identity can be spoofed very easily.
Firesheep makes this as easy as installing the plugin and click a button. It sits there and gathers all of the cookie traffic across a network and present you with the results, let you click on more button and logging into the Facebook account of someone.
(Read the rest of this article at: http://cuinnovators.com/blog/the-facebook-account-of-a-credit-union-ceo/
Tuesday, October 26, 2010
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment