Nov 11, 2010

Social networking sites hack discovered


It was recently found that a Firefox add-on called Firesheep is able to scan the wireless network for open ports and display them to the user who has installed Firesheep.

How Does Firesheep Work?


First, Firesheep does not steal the password that the victim uses with a website (Twitter, Facebook, etc.). In fact, the passwords are sent correctly and securely to those websites. Instead, Firesheep steals the user's session identifier. The session id is a long random number that represents the user after the user has authenticated to the website with their username and password. Without session ids, a user would need to send their username and password with every request. The session id was created to eliminate this inconvenience: the user provides their password once, and the browser and website handle the rest. The browser remembers the user's session id, and the web server makes a record in its database that associates the session id with the user's identity. From this point on, each time the website receives that particular session id, it knows the request is coming from the associated user.

Facebook and other social networking services have taken this into consideration, but no official news has referred to solving the problem.
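
The session id mechanism described above, as an added example that is not part of the original post: a small server-side session store showing that the password is checked once and every later request is identified by the session id alone, until the server deletes its record. The class and function names, the cookie name `sid`, the sample account, and the `Secure`/`HttpOnly` cookie attributes are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

# Constructed sample account; a real site would use a salted, slow password hash.
USERS = {"alice": hashlib.sha256(b"correct horse").hexdigest()}


class SessionStore:
    """Server-side record associating session ids with user identities."""

    def __init__(self):
        self._sessions = {}  # session id -> username

    def login(self, username, password):
        """Check the password once; return a Set-Cookie header value, or None."""
        expected = USERS.get(username)
        supplied = hashlib.sha256(password.encode()).hexdigest()
        if expected is None or not hmac.compare_digest(expected, supplied):
            return None
        sid = secrets.token_urlsafe(32)  # long, unguessable random identifier
        self._sessions[sid] = username
        # Secure tells the browser never to send this cookie over plain HTTP.
        return f"sid={sid}; Path=/; Secure; HttpOnly"

    def _sid(self, cookie_header):
        cookie = SimpleCookie()
        cookie.load(cookie_header or "")
        morsel = cookie.get("sid")
        return morsel.value if morsel else None

    def user_for(self, cookie_header):
        """Resolve a request's Cookie header to a username, or None."""
        return self._sessions.get(self._sid(cookie_header))

    def logout(self, cookie_header):
        """Delete the server-side record so the id stops identifying anyone."""
        self._sessions.pop(self._sid(cookie_header), None)


def demo():
    store = SessionStore()
    set_cookie = store.login("alice", "correct horse")
    cookie_header = set_cookie.split(";")[0]   # what the browser sends back
    first = store.user_for(cookie_header)      # the original browser
    second = store.user_for(cookie_header)     # any other sender of the same id
    store.logout(cookie_header)
    return first, second, store.user_for(cookie_header)
```

The server has no way to tell the two lookups apart, which is why the session id needs the same protection in transit as the password.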
