Imagine that you’re sitting in Lamont Library, quietly studying. The student next to you shouts, “Hey Facebook, give me all the photos you have of that cute guy from section!” Someone in a blue Facebook jacket runs over and displays a big poster with embarrassing party photos.
All around the library, students can be heard yelling at the top of their lungs about Facebook friends, Google searches, or the latest gossip. It sounds ridiculous, but this is how public our interactions are when we use wireless networks. We’re ordinarily unaware of it because our laptops politely cover their ears when they hear private messages.But what happens when someone decides to eavesdrop or—worse still—to actively pretend to be someone else? Firesheep is an extension to the Firefox browser that allows for exactly that. It exploits the fact that many prominent websites (including Facebook, Twitter, and Google search) don’t encrypt normal page requests. Once you’ve logged in, your browser sends a cookie to the server every time it connects so that the server knows who you are. If the connection is unencrypted, an eavesdropper can steal the cookie and pretend to be you; this is known as session hijacking.
Read this full article at The Harvard Crimson
|
|
Only registered users can write comments.
Please login or register.
Powered by AkoComment!