Firefox extension makes social network ID spoofing trivial
Oct 26, 2010, 19:32 (1 Talkback[s])
[ Thanks to Chao-Kuei
Hung for this link. ]
"A simple-to-use Firefox plugin presented yesterday at
Toorcon in San Diego has hit the security world with the
realization that squabbles about Facebook's changing privacy
settings and various privacy breaches simply miss the point.
""When it comes to user privacy, SSL is the elephant in the
room," said Eric Butler, the developer of the extension in
question, dubbed Firesheep. By installing and running it, anyone
can "sniff out" the unencrypted HTTP sessions currently allowing
users on that network segment to access social networks, online
services and other website requiring a login, and simply hijack
them and impersonate the user."