Hijack Facebook, Twitter accounts with Firesheep, How to Secure against it


Have you ever imagined what it would be like to hack someone's Facebook, Twitter, or Live account with a single click? Yes! Now it's possible with Firesheep, an extension for Firefox which helps you hijack sessions on an open Wi-Fi connection.
Firesheep is the work of Eric Butler, who made the proof of concept public after presenting it at a security event. The purpose of the experiment was to showcase the security risks associated with session hijacking, aka sidejacking.
So what can be hacked with Firesheep? Nearly 26 online services, including all the popular ones: Amazon, Facebook, Foursquare, Google, The New York Times, Twitter, Windows Live, WordPress and Yahoo.
The extension is so flexible that it can be customized to allow a hacker to target other websites not listed by Firesheep. While Firesheep sounds scary, it's not as scary as it may sound at first. Even though the extension has been downloaded more than 100,000 times, there's nothing to be scared of.
Install WinPcap on Windows (Mac OS doesn't need this), get the Firesheep extension, and then open it by clicking View > Sidebars > Firesheep. Click the button that says "Start Capturing." Once you click the button, it starts snooping. From then on, all sessions that are captured are automatically displayed.
How to Bypass Firesheep Hijacks?

  1. If you feel your account has been compromised, log out immediately. As soon as you do that, the hijacked cookie becomes invalid and can no longer be misused.
  2. Use a VPN: Try using a Virtual Private Network client such as the free version of HotSpot Shield. This piece of software basically creates a secure tunnel for your data that runs between the Wi-Fi router and your computer.
  3. Use HTTPS Everywhere: If you're a Firefox user you can also use extensions such as HTTPS Everywhere, built by the Electronic Frontier Foundation. This extension forces certain websites to use a secure SSL connection for your entire browsing session instead of just the login.
  4. Use Strict Transport Security (STS): Strict Transport Security (STS) is a relatively new security feature that is starting to appear in some browsers. STS automatically forces your browser to make a secure connection with every Web page that supports SSL encryption. Once you start using STS, you will not be able to use an insecure connection ever again when connecting to a specific site such as Facebook or Amazon. Chrome has supported STS since Chrome 4, and Firefox 4 will include STS when the official version launches in the coming months.
  5. Encrypt your home/office network: Use the strongest possible encryption on your home and office Wi-Fi connections. WPA2 is much better than WEP.