Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Development
    • IT Management
    • PC Hardware

    New Twitter Session Hijacking Tool Follows Firesheep

    By
    Brian Prince
    -
    October 27, 2010
    Share
    Facebook
    Twitter
    Linkedin

      A London software developer has followed in the footsteps of the Firesheep extension for Firefox with his own tool targeting Twitter users leveraging open WiFi.

      Jonty Wareing’s tool is called “Idiocy,” which he describes in a blog post as “a warning shot to people browsing the internet insecurely.” Unlike Firesheep, which targets a number of sites including Facebook and Flickr, Idiocy is specifically aimed at Twitter.

      “Idiocy is designed to warn people of the risks they’re taking on public WiFi networks,” Wareing blogged. “While quietly running in the background Idiocy watches for people visiting Twitter insecurely, hijacks the session and posts a tweet warning them that they are vulnerable, with a link to a page explaining what has happened.”

      “Given that most Websites will not be making SSL [secure sockets layer] the default any time soon, the only option is to educate people,” he added. “Run Idiocy on your laptop and make people aware.”

      Eric Butler, one of the researchers who released Firesheep, had a similar stated purpose.

      “The real story here is not the success of Firesheep but the fact that something like it is even possible,” he blogged. “The same can be said for the recent news that Google Street View vehicles were collecting web traffic. It should not be possible for Google or anybody to collect this data, whether intentional or not…True success will be when Firesheep no longer works at all.”

      Firesheep has been downloaded more than 339,000 times in the past few days. With Firesheep installed, attackers can target anyone on the same wireless network visiting non-encrypted sites recognized by the tool. Both programs are focused on HTTP session hijacking, a well-known problem that occurs when an attacker gets a hold of a user’s cookie. Researchers have released several other tools over the years to exploit the issue as well.

      In a joint blog post, Butler and research partner Ian Gallagher noted that the problem really is not open WiFi, but the failure of many Web sites to support SSL. In addition, a password-protected (WPA2) wireless network only requires attackers perform one more step – such as DNS spoofing – to carry out the attack, according to the blog post.

      Users can mitigate the issue with virtual private networks or extensions like Firefox’s HTTPS-Everywhere, but none of these is a silver bullet, they wrote. The only real solution is properly implemented SSL/HTTPS.

      Due to Firesheep’s publicity, there will likely be more forced HTTPS offerings for other browsers soon, opined Sean Sullivan, security advisor for F-Secure.

      “Google moved Gmail completely to HTTPS after the Aurora attacks,” he said. “The fix costs money, CPU power is required to provide encryption… so if it isn’t broke, it won’t be fixed. Some vendors, such as Facebook, may decide that their business requires full encryption, as they’re already a target. But Flickr? I can’t see a way to leverage attacking that as easily, so I imagine full HTTPS would be slow in coming.”

      *This story was updated to add more current statistics about the number of Firesheep downloads.

      Brian Prince
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×