Wednesday, November 24, 2010

Secure your cookies

In light of the publicity created by Firesheep, HTTPS Everywhere has been updated to force websites to activate a secure flag in cookies used to authenticate their users.
I finally tested Firesheep. It is painfully easy to use for hijacking sessions. Here I start Firesheep on a Windows machine (via RDP) and I log into Facebook on an Ubuntu system. As seen in the screenshot, Firesheep quickly captures the cookie of that session and permits easy access to the active account.
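
To make the role of the secure flag concrete, here is an added example (not part of the original post) that audits `Set-Cookie` headers for cookies a browser would still attach to plain-HTTP requests, where a passive listener on the network can read them. The header values, cookie names and `site.example` URL are constructed for illustration, and only the Secure rule is modelled (domain and path matching are left out).

```python
from urllib.parse import urlsplit

# Constructed sample Set-Cookie header values (not captured from any real site).
SAMPLE = [
    "session_id=constructed-abc123; Path=/; HttpOnly",
    "auth_token=constructed-def456; Path=/; Secure; HttpOnly",
    "lang=en; Path=/",
]

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, lowercase attribute dict)."""
    first, *rest = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def cookies_sent(jar, url):
    """Names of cookies a browser would attach to a request for url.
    A cookie carrying the Secure attribute is only sent over https."""
    scheme = urlsplit(url).scheme
    return [n for n, _, attrs in jar if scheme == "https" or "secure" not in attrs]

def audit(headers):
    """Names of cookies that would travel in cleartext on a plain-HTTP request."""
    jar = [parse_set_cookie(h) for h in headers]
    return cookies_sent(jar, "http://site.example/")

def harden(header):
    """Append the Secure attribute if the header does not already carry it."""
    _, _, attrs = parse_set_cookie(header)
    return header if "secure" in attrs else header + "; Secure"

if __name__ == "__main__":
    print("exposed over HTTP:", audit(SAMPLE))
    print("after adding Secure:", audit([harden(h) for h in SAMPLE]))
```
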
