New Firefox Extension Hijacks Popular Web App Accounts

Kara Reeder

In an effort to draw attention to the security risks of running high-profile Web applications over unsecured Wi-Fi networks, developer Eric Butler has created a Firefox extension that lets users hijack someone else's Facebook, Twitter, or Windows Live account, reports CRN.


Dubbed Firesheep, the extension targets 26 of the most widely used and most heavily trafficked applications on the Internet, collecting the "cookies" that the sites use to allow access. With a cookie in hand, a criminal can do anything the user can do on a site. Switched explains:

Firesheep listens for cookies being sent over the network, and grabs them. When a session from an unprotected site is detected, the sidebar automatically displays usernames and corresponding account photos, if available. Simply clicking on a user's name opens the target site with that user's account, allowing you free rein over their data.

The flaw is nothing new, but as Computerworld quotes Richard Wang, the U.S. manager of SophosLabs, as saying:

Firesheep makes it so easy to discover [unencrypted traffic and cookies] that pretty much anyone can use it to listen to what others are doing at public hot spots.
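The exposure described above comes down to session cookies that a browser will send over plain HTTP. The following check is an added example, not part of the original article: it audits a site's response headers for session-like cookies missing the `Secure` attribute and for a missing `Strict-Transport-Security` header. The sample headers and the cookie-name heuristic are constructed assumptions.

```python
# Added example: audit response headers for cookies readable on open Wi-Fi.
# The sample headers and the name heuristic are constructed assumptions.

SESSION_HINTS = ("sess", "auth", "token", "sid")  # assumed naming heuristic

# Constructed sample responses (not captured from any real site).
WEAK_RESPONSE = [
    ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "auth=xyz789; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/"),
]
HARDENED_RESPONSE = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session_id=abc123; Path=/; Secure; HttpOnly"),
]


def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, set of attribute names)."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return "", set()
    name = parts[0].partition("=")[0].strip()
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:]}
    return name, attrs


def audit_headers(headers):
    """Report session-like cookies lacking Secure, and whether HSTS is set."""
    exposed = []
    hsts = False
    for header, value in headers:
        key = header.lower()
        if key == "strict-transport-security":
            hsts = True
        elif key == "set-cookie":
            name, attrs = parse_set_cookie(value)
            session_like = any(h in name.lower() for h in SESSION_HINTS)
            # Without Secure, the browser also sends the cookie over plain HTTP,
            # where anyone on the same unencrypted network can read it.
            if session_like and "secure" not in attrs:
                exposed.append(name)
    return {"exposed_cookies": exposed, "hsts": hsts}


if __name__ == "__main__":
    print("weak:    ", audit_headers(WEAK_RESPONSE))
    print("hardened:", audit_headers(HARDENED_RESPONSE))
```

`HttpOnly` is deliberately not part of the verdict: it limits script access to the cookie but does nothing against a listener on the network.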

According to TechCrunch, Firesheep has been downloaded more than 100,000 times in 24 hours. IT Business Edge blogger Lora Bentley sums it up when she says:

The more time passes, the more online privacy really does become a myth.
