Despite the security threat surrounding Firesheep, representatives for Mozilla Add-ons stated initially that it would not use the browser's internal add-on blacklist to disable use of Firesheep, as the blacklist has only been used to disable spyware or add-ons which inadvertently create security vulnerabilities, as opposed to attack tools (which may legitimately be used to test the security of one's own systems). It has been warned that the use of the extension to capture login details without permission would violate wiretapping laws and/or computer security laws in some countries. The extension was released October 2010 as a demonstration of the security risk of session hijacking vulnerabilities to users of web sites that only encrypt the login process and not the cookie(s) created during the login process. By clicking on a victim's name, the victim's session is taken over by the attacker. The collected identities (victims) are displayed in a side bar in Firefox. When it detected a session cookie, the tool used this cookie to obtain the identity belonging to that session. The plugin eavesdropped on Wi-Fi communications, listening for session cookies. Microsoft Windows and Mac OS X (highly unstable on Linux)įiresheep was an extension for the Firefox web browser that used a packet sniffer to intercept unencrypted session cookies from websites such as Facebook and Twitter.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |