
Facebook and Twitter Firesheep Vulnerability Explained

Firesheep vulnerabilities in Facebook, Twitter, Hotmail, Flickr, and other popular websites explained.

Maybe you are wondering what Firesheep is all about and why there is so much buzz around it. With the help of our friends from Digital Society, the vulnerabilities in Facebook, Twitter, Hotmail, Flickr, and other popular websites are explained.

In a nutshell, both Facebook and Twitter fail the basic tests conducted.

Instead of trying to rephrase the explanation of the technical terms, I’ll just quote the whole thing below:

There are four basic ways to get hacked (studied here)

If a site doesn’t have SSL browsing support, anyone can see what you’re browsing at any time, but only what you’re browsing currently.

In a partial sidejacking, an attacker gets a hold of a user’s authentication cookies and gains partial access to their account. An authentication cookie is a small file that sits on your computer, allowing you to revisit a website without re-logging in every time. It tells Facebook: “hey, I’m still the same computer; let me in.” In a partial sidejacking, some of your information is visible to the attacker, but he/she can’t entirely breach your account.

In a full sidejacking, the attacker gets full control over your account, but can’t get your username or password. Usually he/she can do everything except change the password because most sites request that you re-type the old password first. Full sidejacking is scary. In Hotmail, for example, an attacker would be able to read all of your emails.

Finally, in a full hijacking, the attacker gains control over everything in your account and can change anything, including your password. Sites that do not have SSL authentication leave you vulnerable to a full hijacking.

Both Facebook and Twitter can be hacked using all of the techniques above.

For the complete listing, read the article here.
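
For site owners, the exposure described in the quote can be checked from a site's own responses. The following Python audit is an added example, not part of the original post or the quoted Digital Society article: it flags a login page that is not served over SSL and authentication cookies set without the Secure attribute (the standard cookie flag that keeps a browser from sending the cookie over unencrypted HTTP). The example.test URL, the cookie names and values, and the AUTH_HINTS name list are constructed assumptions.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample: a login URL and the Set-Cookie headers a site returned.
SAMPLE_LOGIN_URL = "https://www.example.test/login"
SAMPLE_SET_COOKIE = [
    "session_id=abc123; Path=/; HttpOnly",          # no Secure attribute
    "auth_token=def456; Path=/; Secure; HttpOnly",  # restricted to HTTPS
    "lang=en; Path=/",                              # preference, not auth
]
# Assumption: substrings that mark a cookie name as an authentication cookie.
AUTH_HINTS = ("session", "auth", "token", "sid")


def audit_cookies(set_cookie_headers):
    """Return {cookie_name: {"secure": bool, "auth": bool}} for each header."""
    report = {}
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            report[name] = {
                # morsel["secure"] is True when the flag is present, "" if not
                "secure": bool(morsel["secure"]),
                "auth": any(hint in name.lower() for hint in AUTH_HINTS),
            }
    return report


def assess(login_url, set_cookie_headers):
    """Map the observations onto the exposure levels the quoted text lists."""
    findings = []
    if urlsplit(login_url).scheme != "https":
        findings.append("login not over SSL: credentials exposed (full hijacking)")
    for name, info in audit_cookies(set_cookie_headers).items():
        if info["auth"] and not info["secure"]:
            findings.append(f"{name}: can be sent over plain HTTP (sidejacking)")
    return findings


if __name__ == "__main__":
    for line in assess(SAMPLE_LOGIN_URL, SAMPLE_SET_COOKIE):
        print(line)
```

Whether a flagged cookie leads to a partial or a full sidejacking depends on what the site lets that cookie do, which this check cannot tell from headers alone.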

By Marck V.

Filipino IT consultant on enterprise software. In his spare time he does web project management, photography and blogging. Web 2.0 enthusiast.