Life In The Time Of FireSheep
A couple of weeks ago at Toorcon, security researcher Eric Butler released a curious new plug-in for the popular Firefox web browser. Known as FireSheep, this plug-in allows even an unskilled person to monitor traffic on an open wifi network. It further allows its users to capture the login data exposed when other people’s web browsers on that WLAN log in to sites like Facebook, Twitter, FourSquare, etc.
I won’t go into how it works since others have done a nice job of that already. Suffice it to say that this is scary stuff given how common it is for people to use open wifi networks at public places, usually without giving it a second thought.
FireSheep was not intended as a tool for criminal or malicious activity. Its release was intended to expose a security issue in the way web browsers handle cookies arising from login. While the login process itself is secure, the handling of the resulting cookies usually is not.
Whatever the intent, it’s certain that some less scrupulous people will use it or the lessons learned from it for illicit purposes such as identity theft.