A new computer program increases the risk of private account hacks on Facebook and Twitter. Firesheep, a new Firefox extension created by developer Eric Butler, has startled Internet users by revealing the vulnerabilities of most social networking sites, including Facebook and Twitter. The tool gives hackers access to the accounts of people who use unsecured wireless networks.
Butler, when asked about his new hacking tool, said, “As soon as anyone on the network visits an insecure website known to Firesheep, their name and photo will be displayed in the window. All you have to do is double click on their name and open sesame, you will be able to log into that user’s site with their credentials”. According to a report from the Sunday Mail, Firesheep allowed testers to gain access to 15 Facebook accounts and an email account from Hotmail in just under 20 minutes.
When you click the add-on, it appears in the browser's sidebar. If you are browsing social networking sites such as Facebook or Twitter on an unsecured Wi-Fi network, other users on that network may be able to get access to your account. The Wi-Fi networks in coffee shops and libraries are typically vulnerable to this kind of hijack. Firesheep grabs cookies and sessions from unsecured networks, and that is just about everything a hacker needs to masquerade as a legitimate user and gain complete access to their social networking profile. What's scarier is that the extension has the potential to identify cookies from Amazon, Google, Yahoo, Flickr and a host of other websites.
Anna Westrin, a student whose account was hacked when the Sunday Mail tested the program at the State Library of Queensland, was equally stunned. “I think it’s really scary that it’s so easy, especially if you can just press one button… I wouldn’t believe it if I hadn’t seen it for myself. I’ll definitely be a lot more cautious from now on.” The program, which comes as a free add-on to the Firefox Web browser, allows users to gain access to 26 popular Web sites. The list of sites Firesheep can gain access to includes Yahoo, Facebook, Twitter, Hotmail and Amazon.com.
Under such circumstances, it would come as no surprise if a hijacker stole personal information from your account. There is, however, one catch before your account can be hacked in this fashion. The way to avoid Firesheep attacks is not to use Wi-Fi networks that you do not trust or that do not have a trustworthy firewall protecting them.
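For site operators, the cookie exposure described above can be checked from the server's own responses. The following is an added example, not code from Firesheep or from the article: it flags cookies that would travel unencrypted over a shared network, either because they were set over plain HTTP or because they lack the `Secure` attribute. The host `social.example`, the cookie names and the sample responses are constructed for illustration.

```python
# Added example: the sample responses below are constructed, not captured traffic.

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, set of lowercased attribute names)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    if not parts:
        return None, set()
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return name, attrs


def exposed_cookies(responses):
    """Return {cookie name: reason} for cookies readable on an unencrypted network.

    responses: iterable of (url, [Set-Cookie header values]).
    """
    findings = {}
    for url, headers in responses:
        cleartext = url.lower().startswith("http://")
        for header in headers:
            name, attrs = parse_set_cookie(header)
            if name is None:
                continue
            if cleartext:
                # The response itself crossed the network unencrypted.
                findings[name] = "set over plain HTTP"
            elif "secure" not in attrs:
                # Set over HTTPS, but the browser will attach it to http:// requests too.
                findings[name] = "no Secure attribute; sent on later HTTP requests"
    return findings


# Constructed sample: login over HTTPS, remaining pages over HTTP.
SAMPLE_RESPONSES = [
    ("https://social.example/login", [
        "session_id=3f9a1c; Path=/; HttpOnly",   # hypothetical session cookie
        "csrf=77be02; Path=/; Secure",
    ]),
    ("http://social.example/home", ["lang=en; Path=/"]),
]

if __name__ == "__main__":
    for name, reason in exposed_cookies(SAMPLE_RESPONSES).items():
        print(f"{name}: {reason}")
```

In the sample, the session cookie is flagged even though the login page uses HTTPS, because without `Secure` the browser resends it on every later plain-HTTP page load.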