October 28, 2016

Firefox extension steals Facebook, Twitter, etc. sessions

Presented at ToorCon, Firefox extension Firesheep demonstrates how easy it is for attackers to access accounts belonging to other users on the same network, such as a Wi-Fi hotspot. After launching the program, user accounts belonging to other users gradually appear in the sidebar as users navigate to any of the many supported web sites, which currently include Facebook, Twitter, Flickr, Amazon, Windows Live and Google. By clicking on one of the sidebar entries (which generally display the victim’s name and photo), an attacker is able to access the site in question with all the legitimate user’s privileges.

Read the full story here.