The Firesheep Extension for Mozilla Firefox is a scary program. A few days ago, sites like Engadget and Gizmodo picked up coverage regarding Firesheep, an extension that was designed to show website vulnerabilities, but whose application might have some disturbing consequences. People, more likely than not, will use this program for wrongdoing. Click below to read more about Firesheep.
A user downloads Firesheep as an extension to Mozilla Firefox. Once Firesheep is ran, it pulls user names and passwords on open (unsecured) networks, and allows the user to login to the websites that the target users were using. Sites like Facebook are not secured using SSL. Therefore, if I was on an open home wireless network, and someone else on the network logged in to Facebook, I would be able to see their username and password, and would then be able to login to Facebook as if I were that person.
The concept behind Firesheep is very simple and logical. When you log in to a website, you submit your username and password to the site, and the site, in return returns to you a “cookie.” That cookie is then temporarily on your machine, and let’s the website know that you are who you say you are. Firesheep picks that cookie right out of the air. Simple, effective, and potentially devastating in terms of security vulnerabilities.
The designer of this program, Eric Butler, wrote this program to show how weak security protocols currently are. He did not want people downloading his program, and taking advantage of these security flaws. Or so he says….
Written By: The Sherwinator