How to Sidejack Facebook et al.

The news is that there is now a Firefox extension, Firesheep, under active development that lets you sidejack an account without having to learn any technical terms.

Sidejacking, as Wikipedia defines it, refers “to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim’s computer.”

Firesheep is already available for Windows and Mac, with certain caveats (on Windows it needs WinPcap installed).

Why am I revealing so much vital information that would allow you to sidejack into other people’s accounts?

Because I want you to know how easy it is to do so. How easy it is for even a layperson who doesn’t know what sudo make install means to sidejack into your account.

It was not impossible to do this before the advent of Firesheep, but it required knowledge that average Internet users didn’t have. “Websites have a responsibility to protect the people who depend on their services. They’ve been ignoring this responsibility for too long, and it’s time for everyone to demand a more secure web. My hope is that Firesheep will help the users win,” says its author, Eric Butler.

Zeljka Zors also concludes:

As I write this, the extension has been downloaded some 8,000 times, and the number is rising by the second. Wouldn’t it be amazing that an action such as this could bring about the realization of a more secure Internet?

Firesheep is claimed to work with “Facebook, Flickr, Amazon.com, bit.ly, Google, Twitter, Yahoo, WordPress, and many others.”

Protect yourself now if you are using Firefox by installing one of these two extensions, Force-TLS or HTTPS Everywhere. Note that they only help where the site actually offers HTTPS for every page that sends your session cookie: if a site serves its logged-in pages over plain HTTP, the cookie still crosses the network in the clear, and the fix has to come from the site itself (serve everything over HTTPS and mark the session cookie Secure so the browser never sends it over plain HTTP).
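Here is what the cookie theft described above, and the site-side fix, boil down to in code. This is an added example, not Firesheep’s own code and not from the original post: a couple of constructed plaintext HTTP requests of the kind a sniffer on the same network would see (the hostnames and cookie names are assumptions), a harvester that pulls out the cookies that make up a session, in the spirit of Firesheep’s per-site handlers, and the check a site owner can run on their own Set-Cookie headers for the Secure flag that keeps the cookie off plain HTTP in the first place.

```python
# Added example (not Firesheep's code): what a sidejacker sees on the wire,
# and the server-side check that would defeat it.  All traffic is constructed.

# Two plaintext HTTP requests as a sniffer on the same network would capture
# them.  Hostnames and cookie names are assumptions for this example.
CAPTURED_REQUESTS = [
    b"GET /home.php HTTP/1.1\r\n"
    b"Host: www.example-social.com\r\n"
    b"Cookie: c_user=1000123; xs=9f3a1c; locale=en_US\r\n\r\n",
    b"GET /search?q=cats HTTP/1.1\r\n"
    b"Host: www.example-search.com\r\n"
    b"Cookie: pref=abc\r\n\r\n",
]

# Per-site handlers in the spirit of Firesheep's: which cookie names together
# form a usable session for that host (illustrative names, not the real ones).
SESSION_COOKIES = {
    "www.example-social.com": {"c_user", "xs"},
    "photos.example.net": {"session_id"},
}


def parse_request(raw):
    """Split one raw HTTP request into (host, {cookie name: value})."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    cookies = {}
    for part in headers.get("cookie", "").split(";"):
        if "=" in part:
            name, value = part.strip().split("=", 1)
            cookies[name] = value
    return headers.get("host", ""), cookies


def harvest_sessions(requests):
    """Return {host: {name: value}} for every request carrying a complete session.

    This is the whole trick: no decryption and no exploit, just reading the
    Cookie headers that the browser sent over plain HTTP.
    """
    stolen = {}
    for raw in requests:
        host, cookies = parse_request(raw)
        wanted = SESSION_COOKIES.get(host)
        if wanted and wanted <= set(cookies):
            stolen[host] = {name: cookies[name] for name in sorted(wanted)}
    return stolen


def missing_cookie_defenses(set_cookie_value):
    """Audit one Set-Cookie header value; return the attributes it lacks.

    Without Secure the browser also sends the cookie over plain HTTP, which is
    exactly what lets a sidejacker read it.  HttpOnly does not stop sniffing,
    but keeps the same cookie away from injected script.
    """
    attrs = [a.strip() for a in set_cookie_value.split(";")]
    flags = {a.split("=", 1)[0].lower() for a in attrs[1:]}
    return [flag for flag in ("Secure", "HttpOnly") if flag.lower() not in flags]


if __name__ == "__main__":
    for host, session in harvest_sessions(CAPTURED_REQUESTS).items():
        print(host, session)
    for value in ("sid=9f3a1c; Path=/", "sid=9f3a1c; Path=/; Secure; HttpOnly"):
        print(repr(value), "missing:", missing_cookie_defenses(value))
```

The harvester only matches a host when every cookie in its handler is present, because a partial set (a user-id cookie without its secret) is not a usable session; the second request is ignored for that reason. The audit is the check worth running against your own site: a session cookie that comes back without Secure is one Firesheep can take.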

Personally, I am thankful to Eric Butler, who released this plugin to highlight how fragile my online privacy and data actually are. Now let’s hope Facebook et al. get the message.

As one Slashdot commenter puts it:

Facebook’s servers were hanging around in a dark alley one fateful night. My privacy just happened to think that particular night, let’s take the shorter route home. It’s as if Facebook’s servers sniffed she was coming, despite her high privacy settings. They libpcaptured her, then stripped all of her headers and checksums, right down to the bare profile, while taunting her loudly. Some traffic just passed by without doing anything. My privacy was violated again, and again, and Facebook’s servers just kept going and going. Then they left my privacy “face”-down in a shallow ditch, some shreds of unique ROWIDs covering her bloodsoaked profile.