Experts have always maintained that plain HTTP sessions are utterly insecure and it has been proved as a Seattle-based software developer has released a new Firefox addin named Firesheep, which captures sessions on open Wi-Fi networks. The new tool finds users logged into Facebook, Twitter, Google, Amazon, Dropbox, Evernote, Wordpress, Flickr, bit.ly and more, and allows the Firesheep users to take over the sessions of other users and become them.
We know that session hijacking in HTTP is not a new thing but the new tool has made it very easy. Windows users will still find it little tough to hack HTTP as they have to install WinPcap, a packet capture library. An OSX version of Firesheep is also available. If you want to keep your accounts secure, avoid using open, unencrypted Wi-Fi networks or, if you do, use a VPN. Try to use HTTPS sessions on open networks.
Tech website TechCrunch has reported that Firesheep has proved to be a big hit among amateur hackers as it has been downloaded more than 104,000 times so far. Eric Butler has programmed Firesheep. Butler said that he has designed the extension to demonstrate the HTTP vulnerability in certain websites (such as Twitter, Facebook, Flickr, Tumblr, and Yelp).
"Firesheep was written over the course of a few months in spare time but really boils down to a few weeks of work. I originally thought of the idea three or four years ago, but didn't start working on it until this year,” said Butler. Firesheep targets 26 online services, and includes many popular online services such as Amazon, Facebook, Foursquare, Google, The New York Times, Twitter, Windows Live, Wordpress and Yahoo.
