Firefox extension opens up hacking for all
A freelance software developer from Seattle has caused a stir this week, releasing a user-friendly Firefox extension that allows wireless users to gain access to other people’s login information for a number of popular sites, including Twitter and Facebook. Eric Butler announced Firesheep at the ToorCon Information Security Conference on Sunday, prompting a frenzied reaction across the internet which saw the application downloaded over 129,000 times in the first day of its release.
The idea behind Firesheep, Butler claims, is to highlight the serious security issues faced by users of open wireless networks, such as Wi-Fi hotspots, where login details for numerous sites are open to manipulation by other users of the network. Until now, only those with a high level of technical knowledge could exploit the fragility of this data transfer, but Firesheep makes it feasible for everyone.
With the application installed, a sidebar is displayed in Firefox that tracks all communication between servers and computers on the same wireless network. When a computer and server exchange information, for example when someone updates their Twitter account, a notification will appear in the Firesheep sidebar. Click this notification and you instantly have access to that person’s Twitter account.
This video gives a full demonstration of how Firesheep works and how you can protect yourself when using open wireless networks:
The security issues that this highlights are clear, and Firesheep has received a mixed reaction since its arrival. Some share the creator’s vision that it will instigate debate and awareness of the issues and help them to be resolved. Others see it simply as an easy way for people to hack others’ accounts. Emphasising his commitment to ultimately resolving the security issues that he has highlighted, Eric Butler commented on his blog today:
“True success will be when Firesheep no longer works at all.”
In the meantime, for those worried about their data being open to hacking by users of Firesheep, or indeed of any other more technical hacking tools, Butler recommends using HTTPS Everywhere whenever they are connected to an open wireless network.