Hacking into someone else’s Facebook or Twitter account is now as easy as installing a browser extension. Firesheep is a new
Firefox extension designed to hijack sessions belonging to 26 online services
, including Amazon, Facebook, Foursquare, Google, Twitter, and Yahoo. The packet sniffing tool springs into action the moment someone logs in to any of the supported sites over an open Wi-Fi connection.
The extension’s uncomplicated interface occupies a sidebar on the left side of the Firefox window. Once enabled through the “Start Capturing” option, Firesheep begins displaying names and photos associated with different accounts being accessed using the open Wi-Fi network. Double clicking on an account puts you in complete control as “you're instantly logged in as them.”
Despite its increasing popularity among amateur hackers, the extension is only meant to raise awareness about the need for “end-to-end encryption, known on the web as HTTPS or SSL.”
“Websites have a responsibility to protect the people who depend on their services. They've been ignoring this responsibility for too long, and it's time for everyone to demand a more secure web. My hope is that Firesheep will help the users win,” Eric Butler, Firesheep’s co-author, wrote in a blog post.
Meanwhile, Mozilla has made it clear that it does not intend to block the extension as it merely exposes “a security weakness in a number of popular websites, but does not exploit any vulnerability in Firefox or other Web browsers.”
Image Credit: Eric Butler