Risky Business #174 -- Firesheep, news and more

How a pointy-clicky tool can lead to real change...
28 Oct 2010 » Risky Business

Firesheep is a Firefox plugin that automates the hijacking of HTTP sessions over unsecured wifi access points. While sites like Facebook, Twitter and so on use HTTPS to protect login credentials, after successful authentication nine times out of ten you drop back to an HTTP session.

That means, of course, that your session cookie is flying around in plain text and your authenticated session is easily hijacked. But session hijacking has always been a wee bit fiddly... until now.

The Firesheep plugin, written by a Web app developer named Eric Butler, automates the entire process. It's pointy clicky, so all you need to do is pull into a cafe or airport with open wifi, point and click and start goatseing everyone's Facebook.
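
A defender's check for the condition described above, as an added example that is not from the original post: it parses the `Set-Cookie` headers of an HTTPS login response and reports session cookies that lack the `Secure` attribute, which a browser will also attach to plain HTTP requests. The header values and the name heuristic in `SESSION_HINTS` are constructed assumptions.

```python
# Added example: find session cookies that would travel in cleartext.
# All header lines below are constructed sample data, not captured traffic.
SAMPLE_LOGIN_RESPONSE = [
    "Content-Type: text/html",
    "Set-Cookie: session_id=abc123; Path=/; HttpOnly",
    "Set-Cookie: auth_token=def456; Path=/; SECURE; HttpOnly",
    "Set-Cookie: lang=en; Path=/; Expires=Thu, 28 Oct 2011 00:00:00 GMT",
]

# Hypothetical heuristic: substrings that suggest a cookie carries login state.
SESSION_HINTS = ("sess", "auth", "token", "sid")


def parse_set_cookie(header_line):
    """Return (name, attrs) for a Set-Cookie line, or None for other headers."""
    field, _, value = header_line.partition(":")
    if field.strip().lower() != "set-cookie":
        return None
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name, attrs


def exposed_on_http(header_lines):
    """Names of session-like cookies a browser would also send over http://."""
    exposed = []
    for line in header_lines:
        parsed = parse_set_cookie(line)
        if parsed is None:
            continue
        name, attrs = parsed
        looks_like_session = any(h in name.lower() for h in SESSION_HINTS)
        if looks_like_session and "secure" not in attrs:
            exposed.append(name)
    return exposed


if __name__ == "__main__":
    for cookie in exposed_on_http(SAMPLE_LOGIN_RESPONSE):
        print(f"{cookie}: no Secure attribute, readable on open wifi after the drop to HTTP")
```

Setting `Secure` only helps if the site stays on HTTPS after login; a cookie marked `Secure` is simply not sent on the HTTP pages, so the session breaks rather than leaks.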

Neal Wise of Assurance.com.au in Melbourne joins me to discuss Firesheep and what it means in a Web 2.0 world.

Vitaly "The Octopus" Kamlyuk is this week's sponsor guest and we talk about Java exploitation.

Adam Boileau, as always, stops by to discuss the week's news headlines.