These days it has sparked controversy on the Internet for an extension for Firefox called Firesheep that exploits a vulnerability in the HTTP protocol that is nothing new since it was discovered many years, operating Firesheep is briefly as follows:
- Download and install Firesheep in Firefox.
- You will then see in Firefox a sidebar with a button that says "Start Capturing" the press and wait for someone who is using the same WiFi network that you are somewhere vulnerable target and begin to see the name and photo of the person, Double-clicking on the picture of the person and log on as if you were that person in your personal account.
- It's all
As you can see it is a method that only allows you to hack the accounts of people who are using the same WiFi network as you, but the danger of this is in public places, schools or workplaces, this is possible because when logging into a website usually begins by sending your username and password. The server then checks for a matching account this information and if so, it responds back with a "cookie" which is used by the browser for all subsequent requests.
It is very common for websites password protected encryption, at first, but very few sites put everything else. This leaves the cookie (and user) can be vulnerable to intercept and seize kidnap an account.
Firesheep is free, open source, and is now available for Mac OS X and Windows, Linux support is underway.
