Firesheep: cookie theft made easy

[kelkyag]

Signal boosting, from siderea: ALERT: FIRESHEEP: Man-in-the-Middle now in Convenient Firefox Plug-In!
And the article on TechCrunch: Firesheep In Wolves' Clothing: Extension Lets You Hack Into Twitter, Facebook Accounts Easily

Comments

[taranhero]

That's... impressive. I guess that's (hopefully) a good way to scare people running these sites into implementing better security ASAP.

[kelkyag]

But in the meantime, at least a lot of mischief and possibly a lot of harm will be done. :( And perhaps places that provide free wifi will institute use agreements. Or stop providing it.

That was disappointing...

[jdbakermn]

...I was hoping to find a new way of stealing chocolate chip cookies.

Re: That was disappointing...

[jdbakermn]

But, um, wow. That's a lot of mischief going to be happening for the next few weeks.

Re: That was disappointing...

[kelkyag]

And here I thought you preferred oatmeal! I do owe you cookies ...

[merastra]

Makes me glad I'm avoiding Twitter & Facebook. Though I'm with jdbakerm in that I was half-hoping for chocolate chip cookies. :-)

[kelkyag]

It's not just twitter and facebook -- it could work on ~anything that uses cookies to hold log-in credentials and doesn't encrypt connections, given the right plug-in, and they're apparently easy to create. There's no reason one couldn't be created for Livejournal. It comes set up to grab credentials for Amazon.com, Basecamp, bit.ly, Cisco, CNET, Dropbox, Enom, Evernote, Facebook, Flickr, Github, Google, HackerNews, Harvest, Windows Live, NY Times, Pivotal Tracker, Slicehost, tumblr, Twitter, WordPress, Yahoo, and Yelp, according to the article.

[merastra]

Eek, ok. Maybe I should, like, you know, read the article. ;-)