Thursday, October 28, 2010

Security compromised for Popular Websites due to New Firefox add-on.

A Seattle software developer is stirring anxiety with a new add-on for the popular Web browser Firefox that, under the right circumstances, allows amateur hackers to gain access to accounts on popular services such as Facebook and Twitter. The program, called Firesheep, makes it far easier to intercept the browser cookies those sites use to identify users. Hackers can then log into those sites posing as those users.

It only works on a shared wireless network, according to the developer, Butler, who unveiled the program at a hacker conference in San Diego on Sunday to draw attention to security vulnerabilities. Those vulnerabilities could always be exploited by experienced hackers and as such are old news. But Butler's program puts that capability in the hands of amateur hackers, bringing renewed attention to the issue. On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy, the programmer wrote.

The fix is for websites to fully encrypt all of their communications with consumers, not just some of them. That is the default setting on Google's e-mail service, Gmail, a spokesman said. A Facebook spokesman said it's working on full encryption and hopes to offer that feature to users in the coming months. As always, we advise people to use caution when sending or receiving information over unsecured Wi-Fi networks, he said.

Mike Beltzner, Mozilla's director of Firefox, emphasized that Firesheep is an add-on for Firefox created and distributed by a third-party developer. It demonstrates a security weakness in a number of popular websites, but does not exploit any vulnerability in Firefox or other Web browsers, Beltzner said. He suggested that Firefox users protect themselves by installing another add-on, ForceTLS.

Rigel Networks offers unmatched competence in the design and development of high-performance, scalable web applications. Here is the bigger picture: http://goo.gl/ZsDu
