Firesheep, or how you can become a stalker in seconds

Discussion in 'Apple, Inc and Tech Industry' started by meelash, Oct 25, 2010.

  1. meelash macrumors member

    Aug 7, 2008

    Easy, one click HTTP Session hijacking from within firefox.

    Step 1: Go to public wireless access point (coffee shop, student center, etc.)
    Step 2: Have open, one-click access to people's facebook, twitter, etc.

    Yup, it's really that easy.:eek:
  2. AnimaLeo macrumors 6502

    Sep 2, 2009
  3. meelash thread starter macrumors member

    Aug 7, 2008
    Seriously, you guys don't find this an interesting topic of discussion?? I can't believe that no one here is not regularly using unsecured, free wireless at coffee shops and university campuses. You aren't surprised by how easy this is?

    Obviously (I hope), the how to be a stalker thing was tongue-in-cheek.
  4. 184550 Guest

    May 8, 2008
    I don't think many people realized this was in the news yesterday.

    Perhaps you should have posted a link to facilitate the discussion.
  5. *LTD* macrumors G4


    Feb 5, 2009
    Some of us have a data plan. ;)
  6. benhollberg macrumors 68020


    Mar 8, 2010
    I have tried it at my school, the University of Utah, and the school has blocked certain ports. It says it cannot access some port and therefore won't work. However on the school's unsecured open network it does work.
  7. Melrose Suspended


    Dec 12, 2007
    I downloaded this and installed it. Note, it needs the latest build of Firefox to work.

    I find this type of thing very interesting, and I certainly hope it forces Big Website to implement necessary changes. That said, I'm never on public networks doing things I need to have locked down tight, so it's no skin off my nose. Still, one of these days I'll take my MBP to the library and try it out. :D

    Although, there are legal ramifications if you get caught. This type of covert espionage - however white-hat or yokel it may be - is illegal.
  8. belvdr macrumors 603

    Aug 15, 2005
    No longer logging into MR
    One thing to note is it does not work on encrypted networks regardless of whether you have the key.

Share This Page