Firesheep: simple HTTP session hijacking
Eric Butler, a freelance web application and software developer, released a new Firefox add-on over the weekend called Firesheep that aims to highlight the lack of security surrounding user logins and cookies on popular websites such as Facebook.
Firesheep can be added to Firefox just like any other add-on. Once installed, it displays a new sidebar that shows details about individual users logged into websites like Facebook when connected over an unsecured, open network. If a person pops up in this sidebar, Firesheep enables you to log in as them with a double-click of the mouse. It's that simple.
Firesheep works because of poor security on the part of the website. While a user's username and password may be secured with SSL encryption, in a lot of cases the cookie the website uses is not protected once that login has succeeded. So once a user has logged in, hijacking the unprotected cookie and taking over their account for that session is a simple process.
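A site owner can check for the weakness described above by auditing the cookies their own responses set. The following is an added example, not part of the original article or of Firesheep: it flags cookies that are set over plain HTTP or that lack the `Secure` attribute, which is what allows a browser to send them unencrypted after an SSL login. The URLs, cookie names and header values are constructed sample data.

```python
from urllib.parse import urlsplit

# Constructed sample data: (URL the response came from, its Set-Cookie values).
SAMPLE_RESPONSES = [
    ("https://example.test/login", ["session=abc123; Path=/; HttpOnly"]),
    ("https://example.test/login", ["session=abc123; Path=/; Secure; HttpOnly"]),
    ("http://example.test/home", ["prefs=dark; Path=/"]),
]


def parse_set_cookie(header):
    """Return (cookie name, set of lowercase attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit(responses):
    """List cookies that can travel in cleartext on an open network.

    A cookie is reported when it is set by a plain-HTTP response, or when an
    HTTPS response sets it without the Secure attribute (the browser will then
    also attach it to later http:// requests to the same site).
    """
    findings = []
    for url, headers in responses:
        scheme = urlsplit(url).scheme
        for header in headers:
            name, attrs = parse_set_cookie(header)
            if scheme != "https":
                findings.append((name, url, "set over plain HTTP"))
            elif "secure" not in attrs:
                findings.append((name, url, "missing Secure attribute"))
    return findings


if __name__ == "__main__":
    for name, url, reason in audit(SAMPLE_RESPONSES):
        print(f"{name} from {url}: {reason}")
```

A clean audit only helps if the whole session, not just the login form, is served over HTTPS.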

