Firefox add-on makes hacking your friend's Facebook a breeze

[Bateluer]

http://www.engadget.com/2010/10/25/firesheep-makes-stealing-your-cookies-accessing-your-facebook-a/

Nice. Invite some peeps over, make sure they all jump their phones onto your wifi, instant access to their Twitter, Flickr, Facebook, and Dropbox, among others.

I know the password reset utility on Facebook has been broken since at least last July 2010 when I started checking it.

 

[BTRY B 529th FA BN]

where can i get this at, lol

 

[Saint Nick]

Download Firesheep:
http://codebutler.github.com/firesheep/

 

[rudeguy]

I support this only if all you do is change their profile pics to that of sheep.

 

[ghost recon88]

Wow, I could have some fun with this

 

[BTRY B 529th FA BN]

i wonder if this app will hijack your own password when installed and send it to the developer

 

[illusion88]

Just go hang out at a Starbucks for an hour....

 

[rudeguy]

Wow, I could have some fun with this

one of my buddies is a complete idiot and leaves his phone laying around at his job. At least once a week his status is something along the lines of "I like the cock".

While I don't doubt that he does like the cock, I don't think he'd advertise it on purpose.

 

[TheVrolok]

This would work on open public networks? If so, they is going to own A LOT of people. Personally, I never type in any sort of password on a public network.

 

[KingGheedora]

Insane. Are we in danger if we use our email accounts, etc, at work, and in cafes then ? I guess gmail is safe because it's ssl.

 

[Leros]

one of my buddies is a complete idiot and leaves his phone laying around at his job. At least once a week his status is something along the lines of "I like the cock".

While I don't doubt that he does like the cock, I don't think he'd advertise it on purpose.

I bet I know how you can find out

 

[thescreensavers]

seems you need to plug into Ethernet for it to work, at least for me.

and oh the fire sheep side bar never popped up for me.

Edit: doh View>Sidebar>Firesheep

 

[BillGates]

How do I install this?

 

[thescreensavers]

Damn you would think Bill Gates would know how to install it, let alone look at Post #3

 

[BeauJangles]

And to think we did it the hard way with Wireshark.

 

[Saint Nick]

Its pretty easy to install...lol...doesn't work that great, though.

 

[Scouzer]

doesnt work for me, just get error messages.

 

[BillGates]

Figured it out - it was flaky to install on my PC but went fine on my laptop. Didn't seem to pick up much though. Someone else stole my Internets, I guess.

 

[Leros]

Be careful, the cyber police might backtrace your IP.

 

[Crusty]

How does this work? And would it work on a non-wifi network?

If you are directly connected to a HUB then yes. This really has nothing to do with facebook, just the fact that they don't use SSL by default. Session hijacks are nothing new.

Any website that uses a simple cookie for authorization that does not use ssl is susceptible to this attack.

You might send your password over an encrypted SSL connection, but as long as your authorization cookie is sent in plain-text over a network that can be sniffed easily you're fucked.

If a website is really smart and resourceful they will encrypt every transaction to their servers; non SSL HTTP is insecure by nature and should not be trusted.

 

[zinfamous]

one of my buddies is a complete idiot and leaves his phone laying around at his job. At least once a week his status is something along the lines of "I like the cock".

While I don't doubt that he does like the cock, I don't think he'd advertise it on purpose.

well....good for his co-workers for keeping him honest.

 

[Kev]

wow

 

[0roo0roo]

no ssl? lol

anyways the engadget show was pretty kewl this week.
http://www.engadget.com/show

 

[rasczak]

I bet I know how you can find out

have him hold his hand out?

 

[Scouzer]

no ssl? lol

anyways the engadget show was pretty kewl this week.
http://www.engadget.com/show

why are you plugging the engadget show in every thread?