Many popular web services like Gmail and Facebook are vulnerable to a serious security flaw known as sidejacking. These attacks work by capturing session IDs sent unencrypted from your browser. If the traffic is sent over Wi-Fi, this sort of attack is especially trivial. Firesheep is a Firefox extension that puts this attack into the hands of the masses. Once a user installs the extension, they can easily access the online accounts of anyone using nearby wireless networks. This highlights a major security vulnerability that many web services have either not been aware of or have simply chosen not to fix. It isn't difficult for web services to guard against this attack. The easiest way is to force users to use a TLS connection when they log in. Hopefully, Firesheep will raise awareness of the issue so that sites will start locking down access to their users' accounts.
http://www.securityweek.com/firesheep-extension-firefox-enables-hacking-masses-hijacks-browser-sessions-ease
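
A site owner can check whether a session ID is able to leave the browser unencrypted by auditing response headers. The following is an added example, not code from the article or from Firesheep. It goes one step beyond the login-time TLS mentioned above by also checking the cookie `Secure` attribute and the `Strict-Transport-Security` header; the function name, cookie name and sample responses are constructed for illustration.

```python
from http.cookies import SimpleCookie


def audit_response(scheme, headers):
    """Return findings for one HTTP response.

    scheme  -- "http" or "https", the scheme the response was served over
    headers -- list of (name, value) tuples
    """
    findings = []
    has_hsts = any(n.lower() == "strict-transport-security" for n, _ in headers)
    if scheme != "https":
        findings.append("response served over plain HTTP")
    elif not has_hsts:
        # Without HSTS the browser may still make http:// requests to the site.
        findings.append("no Strict-Transport-Security header")

    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        for key, morsel in jar.items():
            # A cookie without Secure is attached to http:// requests as well,
            # which is where a passive listener on shared Wi-Fi can read it.
            if not morsel["secure"]:
                findings.append(f"cookie {key!r} lacks Secure")
    return findings


# Constructed sample: TLS at login, but the session cookie is not Secure.
LOGIN_ONLY_TLS = ("https", [
    ("Set-Cookie", "sid=constructed123; Path=/; HttpOnly"),
])

# Constructed sample: HSTS plus a Secure session cookie.
HARDENED = ("https", [
    ("Strict-Transport-Security", "max-age=31536000"),
    ("Set-Cookie", "sid=constructed123; Path=/; Secure; HttpOnly"),
])

if __name__ == "__main__":
    for label, sample in (("login-only TLS", LOGIN_ONLY_TLS), ("hardened", HARDENED)):
        print(label, "->", audit_response(*sample) or "no findings")
```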