Two weeks ago, or 24th October 2010, there is a new plug-in for Firefox being released during the ToorCon 12 (a hacker conference) and immediately the plug-in captured tons of media attention. What is this plug-in made for, you might ask? Firesheep, a plug-in for Mozilla Firefox that is developed to demonstrate the security issue in most of the famous web services, such as Facebook, Twitter etc., and this security issue (known as HTTP Session Hijacking) wasn’t a new one – it is already made known and discussed since year 2004, and still most of the web services are ignoring this issue. Most of the web services aware that they can do a fully secured website for their users by using HTTPS/SSL, but a big portion of them choose either not to implement it, or implement it at the surface layer only (like Facebook and Twitter), where you only have the full encryption and protection during the login, but not the session after that. This doesn’t do good for their user since the HTTP sessions are still easily being hacked, and certainly their new privacy settings doesn’t help in the situation at all.

Continue reading Firesheep Forced Internet User to Rethink the Security Issue of Web Services →