Ads 468x60px

RAVI PANCHAL

It's me rPanchal

Labels

Anti Virus (8) Blogger Widget (10) Hack (19) Hack IDM (1) Softwere (9) Windows (12)

Thursday, 24 May 2012

Hack Facebook/Twitter Or Any Email Account With Session Hijacking

When logging into a website you usually start by 
submitting your username and password. The
 server then checks to see if an account matching
 this information exists and if so, replies back 


to you with a "cookie" which is used by your
 browser for all subsequent requests.
It's extremely common for websites to 
protect your password by encrypting the initial
 login, but surprisingly uncommon for 
websites to encrypt everything else. 
This leaves the cookie (and the user)
 vulnerable. HTTP session hijacking
 (sometimes called "sidejacking") is when
 an attacker gets a hold of a user's cookie,
 allowing them to do anything the user 
can do on a particular website. On an open
 wireless network, cookies are 
basically shouted through the air, making
 these attacks extremely easy.
This is a widely known problem 
that has been talked about to death,
 yet very popular websites continue
 to fail at protecting their users. 
The only effective fix for this problem
 is full end-to-end encryption, known
 on the web as HTTPS or SSL.
 Facebook is constantly rolling out
 new "privacy" features in an endless
 attempt to quell the screams 
of unhappy users, but what's the
 point when someone can just
 take over an account entirely? 
Twitter forced all third party 
developers to use OAuth then 
immediately released (and promoted)
 a new version of their insecure 
website. When it comes to user privacy,
 SSL is the elephant in the room.
Firesheep, a Firefox extension 
designed to demonstrate just how 
serious this problem is.
After installing the extension you'll
 see a new sidebar. Connect to any
 busy open wifi network and click
 the big "Start Capturing" button.
Then wait.


As soon as anyone on the network visits
 an insecure website known to Firesheep, 
their name and photo will be displayed:



Double-click on someone, and you're 
instantly logged in as them.



That's it.
Firesheep is free, open source, and is 
available now for Mac OS X and Windows.
 Linux support is on the way.
Websites have a responsibility to protect
 the people who depend on their services.
 They've been ignoring this responsibility
 for too long, and it's time for everyone to 
demand a more secure web. My hope is that
 Firesheep will help the users win.
By Codebutler..
................................................................

0 comments:

Post a Comment

you can also receive free email updates:

Related Posts Plugin for WordPress, Blogger...