Tuesday, November 2, 2010

If You Facebook, You are SO Screwed...

© 2010 Albert A Rasch and
The Rasch Outdoor Chronicles
Well, that may be a bit of an exaggeration, but not by much.

It seems that a clever programmer has created a Firefox plug-in that lets you masquerade as the owner of a Facebook account. Those of you who have had your emails hacked and spurious emails sent from your account to everyone in your address book are victims of this plug-in.

It's a Big Problem for Websites, writes Darlene Storm at Computer World:
"Although many websites give lip service about how important their users' privacy and security is to them, very few have their entire site encrypted with HTTPS. Most sites encrypt the username and password during the login process, but most of those sites stop encrypting and protecting the user right there. As soon as a user moves on to a regular HTTP page on the site, an attacker can sniff and capture the user's cookie information."

According to Evelyn Rusli at TechCrunch:
"Apparently many social network sites are not secured, beyond the big two, Foursquare, Gowalla are also vulnerable. Moreover, to give you a sense of Firesheep’s scope, the extension is built to identify cookies from Amazon.com, Basecamp, bit.ly, Cisco, CNET, Dropbox, Enom, Evernote, Facebook, Flickr, Github, Google, HackerNews, Harvest, Windows Live, NY Times, Pivotal Tracker, Slicehost, tumblr, Twitter, WordPress, Yahoo, Yelp. And that’s just the default setting— anyone can write their own plugins, according to the post."

Read the full post here: An Idiot's Guide to Hijacking Facebook.

Read it and weep, my friends, read it and be angry.

Best Regards,
Albert A Rasch
Member: Leatherneck Tent Club
Member: Hunting Sportsmen of the United States HSUS (Let 'em sue me.)
The Hunt Continues...

PS I am sure Bore Patch will have more on this for us.
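
The quoted Computer World passage describes sites that encrypt the login and then let the session cookie travel over plain HTTP. As an added example (not from this post or the articles it quotes), this Python check reads a response's headers for the two settings that keep a cookie off unencrypted connections: the cookie's `Secure` attribute and a `Strict-Transport-Security` header. The function names, finding labels and header values are assumptions made for the illustration.

```python
# Added example. Header values are constructed sample data, not captured traffic.

def parse_set_cookie(value):
    """Split one Set-Cookie header value into (cookie name, attribute dict)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_response(headers):
    """headers: list of (name, value) pairs from one HTTPS response.
    Returns (subject, issue) findings for settings that let a cookie
    travel over unencrypted HTTP."""
    findings = []
    has_hsts = False
    for hname, hvalue in headers:
        lname = hname.lower()
        if lname == "strict-transport-security":
            has_hsts = True
        elif lname == "set-cookie":
            cookie, attrs = parse_set_cookie(hvalue)
            if "secure" not in attrs:
                # Without Secure the browser attaches the cookie to http:// requests.
                findings.append((cookie, "missing-secure"))
    if not has_hsts:
        # Without HSTS the browser will still follow http:// links to the site.
        findings.append(("response", "missing-hsts"))
    return findings


# Constructed: login over HTTPS, but nothing keeps the session on HTTPS afterwards.
LOGIN_ONLY_TLS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/; Secure"),
]
# Constructed: whole site on HTTPS, cookie restricted to encrypted connections.
FULL_TLS = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session_id=abc123; Path=/; Secure; HttpOnly"),
]

if __name__ == "__main__":
    for label, hdrs in (("login-only TLS", LOGIN_ONLY_TLS), ("full TLS", FULL_TLS)):
        print(label, audit_response(hdrs))
```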


steveo_uk said...

It's really simple, Albert, don't use any of the apps. People send us requests all the time, but there is no way in hell I'm going to part with my information to a third party company.

The Beneficial Bee said...

Pretty scary. Thanks for the information!

Ryan said...

Informative post. First time on your blog. I found it on OBN. I will follow. =)

The Average Joe Fisherman

Bion said...

Albert, this "addon" is not going to crack/hack the user's password, unless the hacker can find information on the user's site that leads to finding a commonly used password. And if the hacker doesn't know the password, there is no way to change accounts, and send out notices, etc... If the user's password is that simple, a simple "dictionary search" on a hacker program will discover it. Keep your passwords complex, long, and upper/lowercase as well as numerical, and you will not be hacked as easily. Remember, this was a program designed to hack unsecured Wifi, not secured connections.