Are you onto hacking my Twitter or Facebook? It really puts you on no.1 on my terrorist list. But on the other hand, it is true that as even more people are switching to wireless/wifi devices and networks for tweets, emails, Facebook status updates, there are serious security implications associated to them. Notice how easy it is to hack into someone's social networking account and scare him or her.
This technique is known as HTTP session hijacking attack.
1- Make yourself comfortable in a crowded place, where you are sure to find some wireless/wifi networks on the loose (An airport or a bus station, or may be a tube station).
2- Fire up your Firefox 3.0.6 or higher (excluding 4.0 +) with Firesheep extension installed (Note there are already around 2 million downloads as I write this post).
3- And sit back and relax while you will have access to all open sessions for various services including Gmail, Yahoo, Hotmail and not to mention Twitter or Facebook.
Workarounds: Service providers have been incorporating the use of SSL in their applications and make sure that your browser uses the link starting from https: rather than http:
Disclaimer: This post is for education purposes only. And I request you to not to harm any user if you get access to his/her personal service account. And perhaps it is your duty as a responsible citizen to warn users of the dangers associated with using insecure wireless networks.
This technique is known as HTTP session hijacking attack.
1- Make yourself comfortable in a crowded place, where you are sure to find some wireless/wifi networks on the loose (An airport or a bus station, or may be a tube station).
2- Fire up your Firefox 3.0.6 or higher (excluding 4.0 +) with Firesheep extension installed (Note there are already around 2 million downloads as I write this post).
3- And sit back and relax while you will have access to all open sessions for various services including Gmail, Yahoo, Hotmail and not to mention Twitter or Facebook.
Workarounds: Service providers have been incorporating the use of SSL in their applications and make sure that your browser uses the link starting from https: rather than http:
Disclaimer: This post is for education purposes only. And I request you to not to harm any user if you get access to his/her personal service account. And perhaps it is your duty as a responsible citizen to warn users of the dangers associated with using insecure wireless networks.
No comments:
Post a Comment