Thursday, October 28, 2010

Firesheep, amazing simplicity.

Probably everybody already knows what Firesheep is. Announced at Toorcon 12, it is a session-sniffing and session-hijacking Firefox plugin.

If you are a "hard-core" hacker, you are probably thinking: "WTF is that? Where is the innovation in a freaking session sniffer and/or hijacker?" Well, I say: nothing. It is nothing new per se, but it is easy, extremely easy to use. With this well-done tool everybody will be able to hijack sessions over an HTTP stream. So yes, nothing new, but it is a really, really well-done nothing new. Before Firesheep, the probability of having a hijacker at the internet point down your street was pretty low; now it is going to be pretty high. I won't say that SSL encryption is enough to prevent this attack, I won't say that you need to pay attention to certificate spoofing and to HTTPS-splitting techniques; I just want to point out that we've reached the feasibility threshold once again.

Now it's time to build new security weapons....
