Subject: How anyone can hijack your online accounts
  This thread has been closed by sexyloser at 18-5-2024 10:40. 
atomic3d
Throbbing Titan
Rank: 7Rank: 7Rank: 7


UID 41127
Digest Posts 0
Credits 3282
Posts 2642
Karma 3157
Acceptance 2501
Reading Access 70
Registered 10-3-2010
Status Offline
Post at 1-11-2010 14:08  Profile P.M. 
Font size: S M L
How anyone can hijack your online accounts

How anyone can 'point-and-click' to hijack your online accounts
Ben Grubb
November 1, 2010 - 3:57PM
                [attach]33101[/attach]
The Firesheep add-on in action. Photo: Codebutler.com

Logging in to your Facebook or online email accounts from an unsecured public Wi-Fi network? Think again, as a new add-on for the web browser Firefox allows even the most amateur hackers to hijack your account.
The Firesheep add-on allows anyone to easily break in to Facebook, Twitter and legions of other online accounts of individuals when they log in from unsecured public Wi-Fi found at places such as McDonald's, hotels and cafes.
For example, as a victim is logging in to their Facebook or Twitter account from any web browser, the attacker, using the Firefox add-on, can sniff out their credentials, allowing the attacker to hijack the victim's account without having any physical access to their computer.
Advertisement: Story continues below
Using the add-on, the attacker can then access the victim's account using the unsecured Wi-Fi just by clicking on the account.  
The attacker is then able to pretend to be the victim by taking over their account.
Depending on the type of account, they are able to send emails or Facebook messages to those the victim is in touch with - and view all of the victim's existing messages.
Without special software that encrypts internet traffic it is impossible to avoid these types of attacks.
In the first couple of days of being available the Firesheep add-on was downloaded more than 129,000 times, said its developer, Eric Butler, a freelance web application and software developer based in Seattle.
Firesheep is not an official Firefox add-on. The reason it was released, Butler said, was to demonstrate how many sites were not using proper security practices.
"Websites have a responsibility to protect the people who depend on their services," he said on his blog.
"They've been ignoring this responsibility for too long, and it's time for everyone to demand a more secure web."
Chris Gatford, a security consultant at Hacklabs, said the tool was embarrassing large websites, such as Facebook and Twitter, into moving them to secure their online applications.
"A lot of these web services should be moving to fix these vulnerabilities in light of this," he said.
Gatford said the flaw that the add-on was taking advantage of had "been around for a long time" and that there had been "several tools" that had the ability to do the same thing in the past.
But he said that the Firesheep add-on had made it "much easier" for anyone – not just security professionals or savvy computer users – to hijack people's Facebook, Twitter and various other online accounts being accessed from unsecured Wi-Fi.
"The great thing about Firesheep from a security professional's perspective is that it makes what we call stealing session cookies much easier to do and makes it much easier – and much easier for other people – to point out vulnerabilities in applications that they're using, such as Facebook and Twitter and various other clients," he said.
The tool works by looking at web traffic available on open Wi-Fi access points, Gatford said.
Many websites don't use what is known as HTTP over SSL (HTTPS) by default. It is the lack of HTTPS not being used consistently throughout the online application that is causing a users' credentials to leak, he said.
"Unfortunately when you're not using HTTPS you are exposing these credentials and this is what Firesheep does; it picks up some of these credentials flying around the airwaves, in this particular case the open Wi-Fi access point you are connected to, and alows the attacker point-and-click access to other people's accounts," he said.
Gatford said a lot of web applications were designed to use HTTP instead of HTTPS for "speed and performance" and that this may be one of the many reason why websites that require a log-in weren't using HTTPS.
In a statement to tech blog TechCrunch, Facebook said it was "making progress testing SSL access across Facebook" and said that it hoped to "provide it as an option in the coming months".
Since being available to download, a number of tools have been released to counter Firesheep's ability to hijack people's credentials. One tool, named FireShepherd, works by flooding a network with certain traffic that stops Firesheep's ability to work.
http://www.smh.com.au/technology ... 20101101-179rg.html

[ Last edited by  atomic3d at 1-11-2010 14:09 ]


 Attachment: Your usergroup does not have permission to access attachments
Recent Ratings
DArtagnan   1-11-2010 14:54  Karma  +5   Good warning!
Top
hunter (Real Slim Slapper-Status: 九叔 .)
Fucking Legend
Rank: 10Rank: 10Rank: 10


UID 2748
Digest Posts 0
Credits 16230
Posts 12435
Karma 16060
Acceptance 3408
Reading Access 100
Registered 5-8-2007
Location Pussy Paradise, Earth
Status Offline
Post at 1-11-2010 15:17  Profile P.M. 
Font size: S M L
Reply #1 atomic3d's post

I had a colleague, fucking 40 yrs old, playing FB everyday and accumulates tonnes of credits, online moneys via some poker, farming  games.
His FB was hijacked and fucking hell break lose in the  office, complaining and yelling and telling everyone his FB got blocked/stolen,  etc. Fucking annoying and Lunatics!!!
Let me send this link to him......




Retired from pussy arena….Uncle 9

Top
sexfiend
Nookie Newbie
Rank: 1


UID 34324
Digest Posts 0
Credits 38
Posts 38
Karma 37
Acceptance 10
Reading Access 10
Registered 12-11-2009
Status Offline
Post at 1-11-2010 16:48  Profile P.M. 
Font size: S M L
yeah, my own FB account got hijacked when i join those SEXbook or fuckbook websites




Life is like a dick if its hard fark it :D
Top
ken88
Musky Member
Rank: 2



UID 49126
Digest Posts 0
Credits 186
Posts 188
Karma 186
Acceptance 9
Reading Access 20
Registered 31-7-2010
Status Offline
Post at 6-11-2010 21:05  Profile P.M. 
Font size: S M L
After reading this article, I don't think I will use public Wi-Fi again. It's a bit scary what they can do, and the crims will probably be one step ahead of you and get past any new patches anyway.
Top
 


All times are GMT+8, the time now is 12-11-2024 01:37

Powered by Discuz! 5.0.0 © 2001-2006 Comsenz Inc.
Processed in 0.035858 second(s), 9 queries , Gzip enabled

Clear Cookies - Contact Us - 141Love
Disclaimer: This forum is operated as a real-time bulletin board system. 141CLUB.COM carries no legal liability on its contents. All messages are solely composed and up-loaded by readers and their opinions do not represent our stand. Readers are reminded that the contents on this forum may not convey reliable information thus it is readers' own responsibility to judge the validity, completeness and truthfulness of the messages. For messages related to medical, legal or investment issues, readers should always seek advice from professionals. Due to the limitation of the forum's real-time up-loading nature, 141CLUB.com is not able to monitor all the messages posted. Should readers find any problems regarding the messages, do contact us. 141CLUB.COM reserves the rights to delete or preserve any messages and reject anyone from joining this forum. 141CLUB.COM reserves all the legal rights.