Firefox extension steals Facebook, Twitter, etc. sessions

Firesheep collects user cookies for various social networks.
Source: Eric Butler Presented at ToorCon, Firefox extension Firesheep demonstrates how easy it is for attackers to access accounts belonging to other users on the same network, such as a Wi-Fi hotspot. After launching the program, user accounts belonging to other users gradually appear in the sidebar as users navigate to any of the many supported web sites, which currently include Facebook, Twitter, Flickr, Amazon, Windows Live and Google. By clicking on one of the sidebar entries (which generally display the victim's name and photo), an attacker is able to access the site in question with all the legitimate user's privileges.

Firesheep does not concern itself with passwords, instead it just takes over the active session using the cookie, which is sent – usually in unencrypted form – each time a new page is accessed. Many services only encrypt the actual login process. The attack scenario is not new – Robert Graham of Errata Security demonstrated something similar at the Black Hat conference three years ago.

Firesheep runs under Mac OS X and Windows. Under Windows, it requires WinPcap to be installed. Attackers can use scripts to add support for other web sites. Many affected web sites offer the option of performing all queries via encrypted HTTPS, which prevents cookie stealing. Firefox extension HTTPS Everywhere automatically switches to encrypted versions of known web sites where available.

(crve)