When a user logs in to a web site, this web site creates a cookie. A malicious hacker can easily get a hold of said cookie and access the web site with the users cookie.
Here an explanation from the Firesheep creator (screen shots courtesy of www.codebutler.com):
After installing the Firesheep extension you'll see a new sidebar. Now you have to connect to any busy open WiFi network and click the big "Start Capturing" button. Then wait.
As soon as anyone on the network visits an insecure website known to Firesheep (Facebook, Twitter, Flickr, Google), their name and photo will be displayed:
If you double-click on someone or their picture, and you're instantly logged in as them and you can use their account as you please.
Bingo - the account is yours.
Firesheep is free, open source, and is available now for Mac OS X and Windows. It is planned to also offer a Linux version in the near future.
Warning: even if it is that simple, it is probably against the law to use this tool. Violating people's privacy is against the law, especially if you use any of the information. It is like breaking into a house where the door is wide open. It is still trespassing and you will wind up in jail when caught. I am not a lawyer or a law enforcement agent. Conduct your own research. But based on my understanding, this tool can get you in hot water, fast.
While it is an interesting experiment, it is probably a bad idea to release a "tool" like Firesheep broadly.
0 التعليقات:
إرسال تعليق