Firesheep program allows easy hacking

Think twice before logging into Facebook with free WiFi access — unless you don’t mind snoopers reading and potentially altering your profile.

TORONTO — Think twice before logging into Facebook with free WiFi access — unless you don’t mind snoopers reading and potentially altering your profile.

A software developer is hoping to educate users about the dangers of using unsecured WiFi networks with a computer program that makes it easy to hack into Facebook and Twitter accounts.

With a download of Firesheep, a plug-in for Mozilla’s FireFox web browser, all it takes is patience and a couple clicks to access someone’s profile on a variety of websites, also including the photo-sharing site Flickr and the WordPress blogging platform.

The program sniffs out log ons over the network and connects Firesheep users with those accounts.

“Websites have a responsibility to protect the people who depend on their services. They’ve been ignoring this responsibility for too long, and it’s time for everyone to demand a more secure web,” wrote Seattle-based Eric Butler in a blog post explaining his program.

Butler, who declined interview requests, said that not all websites are vulnerable to Firesheep, but too many sites aren’t secure enough to thwart hackers. While typed-in login information may be protected, the user-identifying information in cookies — small text files that websites access on a user’s computer — are not.

“On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy,” Butler wrote.

“The only effective fix for this problem is full end-to-end encryption, known on the web as HTTPS or SSL.”

In just over 24 hours, Firesheep was downloaded more than 129,000 times. Among the users was Ian Robertson, an IT professional in Ottawa who took his laptop to a couple of local coffee shops to give the program a test drive with a colleague.

“I was able to see about half a dozen accounts on Facebook and was able to actually log into their accounts, view all their photos, all their private information, their phone numbers — anything,” said Robertson.

“Just for a test with one of my colleagues I logged into his profile and I was able to change his status to single. And within about 10 minutes his girlfriend commented and said, ‘Why??”’

Robertson said he was surprised how easy it was to use and was concerned that others might download it for far more malicious purposes than he did.

“You feel kind of powerful, I guess, like you could just go in there and spam away if you wanted to,” he said.

Firesheep is on the radar of Canada’s privacy commissioner but there have been no public inquiries about the program and there is no investigation ongoing, said spokeswoman Anne-Marie Hayden.

She did note the Personal Information Protection and Electronic Documents Act requires that companies use safeguards to protect personal data.

“Personal information shall be protected by security safeguards appropriate to the sensitivity of the information. The security safeguards shall protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification,” reads Section 7 of the act, which also states that protection should include physical and technological measures “for example, the use of passwords and encryption.”

“Because we haven’t investigated this issue we can’t say whether a particular site has violated the safeguards provision of (the act),” Hayden said.

In a statement, Facebook said it’s working on beefing up its encryption and warned about the risks of using the site over WiFi.

“We have been making progress testing SSL access to Facebook and hope to provide it as an option in the coming months,” the statement reads.

“As always, we advise people to use caution when sending or receiving information over unsecured WiFi networks.”

Kris Constable, founder of the Victoria-based company PrivaSecTech, said the security problems posed by unsecure wireless networks might be news to the general public, but they’ve long been exploited by hackers.

Firesheep only takes away the barrier to entry for wannabe hackers.

“The thing its done is made the attack a lot prettier . . . it’s kind of what hacking looks like in the movies,” Constable said.

He hopes Firesheep will finally put enough pressure on business leaders to invest in better encryption.

“When you add something like encryption to any technology it’s going to cost businesses more to implement so they’re not motivated to do it, even though it’s going to make people more secure,” he said.

“But hopefully (Firesheep) is going to force businesses to use more encryption and I think with more awareness.

Get local stories you won't find anywhere else right to your inbox.
Sign up here

Just Posted

A health-care worker prepares a dose of the Pfizer-BioNTech COVID-19 vaccine at a clinic in Toronto on Thursday, January 7, 2021. THE CANADIAN PRESS/Nathan Denette
Alberta vaccine rollout expanding to front-line health-care workers

More than 240,000 eligible health-care workers can begin booking vaccine appointments starting… Continue reading

File photo
The Red Deer Rebels will have three new assistant coaches when the WHL regular season starts on Friday. Brad Flynn (left), will be on the bench alongside fellow assistant Ryan Colville (right) head coach Brent Sutter (middle). (Photo by BYRON HACKETT/Advocate Staff)
Sutter steps down as Red Deer Rebels head coach

Red Deer Rebels Owner, GM and head coach Brent Sutter has stepped… Continue reading

Premier Jason Kenney announced $200 million more money that will benefit seniors living in continuing care on Wednesday. (photography by Chris Schwarz/Government of Alberta)
Alberta’s in-school rapid screening test program expanding

Alberta’s in-school rapid screening test program will expand to as many as… Continue reading

Parents and students learned Tuesday what the coming school year will look like. It's pretty much back to business as usual, said Education Minister Adriana LaGrange. School precautions include frequent cleaning, keeping students in the same groups where possible, planning the school day to allow for physical distancing and staying home when sick. (photography by Chris Schwarz/Government of Alberta)
Alberta’s largest school board says no to United Conservative draft school curriculum

CALGARY — Alberta’s largest school board says it will not use the… Continue reading

Red Deer-South MLA Jason Stephan is among those who have signed an open letter criticizing the government’s return to stricter health measures. (Advocate file photo).
Updated: Kenney tells UCP caucus COVID-19 dissent OK, breaking health rules means expulsion

15 MLAs released letter on Wednesday critical of new health restrictions

Prime Minister Justin Trudeau watches a speaker appear by videoconference during a news conference in Ottawa, Friday, April 9, 2021. Grassroots Liberals have overwhelmingly endorsed a resolution calling on the federal government to develop and implement a universal basic income — despite Prime Minister Justin Trudeau's apparent lack of enthusiasm for the idea. THE CANADIAN PRESS/Adrian Wyld
Trudeau winds up Liberal convention with election campaign-style speech

OTTAWA — Justin Trudeau wound up a three-day Liberal convention Saturday with… Continue reading

Team Canada skip Brendan Bottcher makes a shot against Italy at the Men's World Curling Championships in Calgary, Alta., Tuesday, April 6, 2021.THE CANADIAN PRESS/Jeff McIntosh
Men’s world curling championship in Calgary in COVID limbo

CALGARY — The men’s world curling championship in Calgary remained suspended Saturday… Continue reading

Pipes intended for construction of the Keystone XL pipeline are shown in Gascoyne, N.D. on Wednesday April 22, 2015. THE CANADIAN PRESS/Alex Panetta
Non-profit Quebec law centre to aid environmental group targeted by Alberta oil firm

QUEBEC — The Quebec Environmental Law Centre is coming to the aid… Continue reading

Conservative leader Erin O'Toole holds a press conference on Parliament Hill in Ottawa on Tuesday, April 6, 2020. Top Tory leaders of past and present will speak with supporters today about what a conservative economic recovery from COVID-19 could look like. THE CANADIAN PRESS/Sean Kilpatrick
Conservatives cite empathy, relationships as ways to help expand their movement

OTTAWA — Conservatives should show empathy with Black residents who say they’ve… Continue reading

NDP Leader John Horgan celebrates his election win in the British Columbia provincial election in downtown Vancouver, B.C., Saturday, Oct. 24, 2020. New Democrats are reconvening for the second day of a three-day policy convention as they look to push past the glitches of the virtual event's opening sessions and rally around keynote speaker John Horgan. THE CANADIAN PRESS/Jonathan Hayward
New Democrats reconvene as hiccups, frustrations plague national policy convention

OTTAWA — New Democrats reconvened Saturday for the second day of a… Continue reading

FILE - In this Monday, Oct. 23, 2017 file photo, President Donald Trump speaks during a joint statement with Singapore's Prime Minister Lee Hsien Loong in the Rose Garden of the White House in Washington. Former President Donald Trump plans to affirm his commitment to the Republican Party — and raise the possibility that someone else will be the GOP's next presidential nominee — in a closed-door speech to donors Saturday night, April 10, 2021. (AP Photo/Evan Vucci, File)
Trump in 2024? He says only that ‘a Republican’ will win

PALM BEACH, Fla. — Former President Donald Trump plans to affirm his… Continue reading

A cruise ship sits docked waiting for passengers to be evacuated in Kingstown, on the eastern Caribbean island of St. Vincent, Friday, April 9, 2021 due to the eruption of La Soufriere volcano. (AP Photo/Orvil Samuel)
Ash-covered St. Vincent braces for more volcanic eruptions

KINGSTOWN, St. Vincent — People who ignored an initial warning to evacuate… Continue reading

Owner of 4 Point Taekwondo Kevin Mejia holds a board as organizer and martial artist Kevin Olsen breaks it in Edmonton on Friday, April 9, 2021. One hundred martial artists from around the world, will be breaking a board for an event called "Break for a Breakthrough." The idea is for martial artists to unite and re-engage with the arts because they may have drifted away or lost enthusiasm as a result of the pandemic. THE CANADIAN PRESS/Jason Franson
Break for a Breakthrough: Canadian hosts international martial arts demonstration

EDMONTON — Whether he’s breaking a wooden board, a clay tile, cement… Continue reading

Most Read