Firesheep intercepts social network accounts over WiFi
CAMPBELL, Calif. (KGO) -- Nobody pays attention when a person walks into a coffee shop and logs a laptop onto the free public WiFi network. But what happens next should put you on the alert. An application called Firesheep can start tracking who is using Facebook or Twitter, intercepting data that allows a total stranger to take over your account.
"Now they can actually capture the cookie that passes along the identity information, and they can hijack your account or anybody that's using Firesheep can hijack your account," says McAfee security expert Joris Evers.
How is this possible? While a website may require a password to log in, many don't encrypt subsequent transmissions. That creates a security gap.
One customer we spoke to was logged onto Facebook while studying, but wasn't too concerned.
"It's mainly just like asocial network for me," says Campbell resident Irina Moiseyeva. "I only use it to kind of catch up with people every so often, but it's not like I'm saying, 'Oh, here's my Social Security mumber.'"
Firesheep was created by two Seattle programmers trying to wave a red warning flag.
"I wrote Firesheep because I was tired of having to deal with websites that were ignoring this problem of user privacy," says software programmer Eric Butler.
At the same time, their free application has been downloaded 800,000 times, empowering people to become identity thieves.
"The people who really need to watch this video are Facebook, and they need to realize they're the ones that make this possible," says Butler.
ABC7 contacted Facebook, but we have not heard back from them.
Firesheep also sniffs for account data for Twitter and 22 other popular websites.
"It brings to the forefront the risk of the public WiFi networks with unencrypted traffic, but also the fact that these websites, like the social networking sites you mentioned, don't encrypt their traffic throughout," says Evers.
Something to think about.
"I feel like privacy is definitely not guaranteed, and it's up to you to be aware of when you're covered and when you're not," says Campbell resident Sarah Schott.
internet, identity theft, facebook, twitter, campbell, technology, david louie
- 1 dead, 2 injured in Redwood City boating accident
- Mother, child killed in San Francisco fire
- San Francisco officials plan to crack down on "420"
- SF Chinese community faces fallout from Yee arrest
- Serious accident on Almaden Expressway in San Jose 24 min ago
- Possible explosive prompts evacuations in Solvang
- Firetruck rams California eatery; 15 injured
- BART unveils new train car design in SF
- Man accused of killing Sierra LaMar appears in court
- VIDEO: Man kicked in head taking selfie in...
- Angels beat A's 5-4 on Iannetta's HR in 12th
- Photos: The 10 worst jobs for 2014
- weather: Bay Area weather forecast for Thursday
- roundup: Hammer beating; SF "420" crackdown 2 min ago