Firesheep: The cute, new computer hacking program
No need to be Lisbeth Salander to hack into Twitter and Facebook accounts nowadays. Thanks to Seattle software developer, an easily downloadable program allows even a luddite the ability to access Twitter and Facebook accounts.
The somewhat menacing-sounding Firesheep was released by Seattle-based developer Eric Butler and is a Firefox program that works on Wi-Fi networks to capture users' cookies. (As I side note, I wonder if Butler took inspiration from Carly Fiorina's "Demon Sheep" ad for the name?)
Butler's post on a hacking Web site said that as soon as anyone on the network visits an insecure Web site, their name and photo will be displayed in the Firesheep window.
Techcrunch was one of the first sites to report the new program, saying "One word: wow."
Butler said he had only the best of intentions when creating the demonic sheep hacking program: to expose the severe lack of security on the Web.
"Web sites have a responsibility to protect the people who depend on their services. They've been ignoring this responsibility for too long, and it's time for everyone to demand a more secure web. My hope is that Firesheep will help the users win," Butler said.
The program has already been downloaded thousands of times, but the Guardian's Tom Scott warns people, "Using this on a network that you don't completely own and control would be a violation of the Computer Misuse Act."
A TechCrunch reader pointed to a Firefox add-on that can block the Firesheep program.
Even so, wireless networking is an inherently fragile dealing and Butler places the blame on the "insecure Web sites."
"Facebook is constantly rolling out new "privacy" features in an endless attempt to quell the screams of unhappy users, but what's the point when someone can just take over an account entirely?" Butler wrote. "Twitter forced all third party developers to use OAuth then immediately released (and promoted) a new version of their insecure website."
Update: Facebook spokesman Andrew Noyes said in an email that Facebook has been testing a technology that will close out this loophole and they hope to provide it within the next few months. However, "As always, we advise people to use caution when sending or receiving information over unsecured Wi-Fi networks."
Update II: The headline originally read as "The cute, new password stealer," which is misleading. The program allows users to access password-protected sites, essentially sidestepping the need to use a password.
| October 25, 2010; 1:00 PM ET
Categories: The Daily Catch
Save & Share: Previous: Georgetown students never take 'hard drugs' (wink, wink), Facebook moms annoy people, and more
Next: Trash strikes from Naples to Marseilles (Photos)
Posted by: parikhan | October 25, 2010 1:26 PM | Report abuse
Posted by: geeksrus | October 25, 2010 8:49 PM | Report abuse
Posted by: clarkwalker | October 27, 2010 1:30 AM | Report abuse
Posted by: getjiggly1 | October 27, 2010 7:49 AM | Report abuse
Posted by: andysl | October 27, 2010 5:58 PM | Report abuse