Hacking into ppls Facebook/Twitter/Etc at local coffeeshop



Pretty nice, I thought it was going to be an ARP poisoning tutorial, but I'm actually impressed now.
 
Have fun while it lasts. 100k plus dls in a week, yeah Facebook is going to close this patch quickly.
 
This is why you should always be behind a VPN with SSL and 256bit encryption when on WiFi, even at home to prevent drive-bys who sit out on the street and packet sniff (even on the closed networks).
 
Have fun while it lasts. 100k plus dls in a week, yeah Facebook is going to close this patch quickly.

You can't close this unless you move entire site to HTTPS, and then it's going to be a caching hell! IMO this isn't going to be fixed anytime soon.
 
Oh shit this might work for campus wifi.

Since I'm in the library on campus and I've been "capturing" for over 5 minutes and the only Facebook logins that have shown up were mine, I'm going to say it doesn't work on my campus.
 
This is why you should always be behind a VPN with SSL and 256bit encryption when on WiFi, even at home to prevent drive-bys who sit out on the street and packet sniff (even on the closed networks).

I use a VPN, even when at home, but according to his latest article you are still vulnerable to Firesheep even on a VPN. Would this apply to all VPNs or just shitty VPNs?

While we mentioned that VPNs and SSH tunnels can be helpful just above this, we want to emphasize that it’s just pushing the problem to that VPN or SSH endpoint. Your traffic will then leave that server just as it would when it was leaving your laptop, so anyone running Firesheep or other tools could access your data in the same way. These are solutions that require at least some understanding of networking and risks at hand. A blind suggestion of “Use a VPN” doesn’t really solve the problem and may just provide a false sense of security.

Another problem with VPNs is that they don’t work all the time. Sometimes they just disconnect, and your traffic is all routed over your normal interface without any notice. The built-in VPN clients on OSX, the iPhone, and iPad are particularly bad at this.

Eric Butler - Software Developer in Seattle WA
 
How can you use this without getting raped?

The only thing I can think of is where you could set up a bot where when you go to a coffee shop, it grabs all FB logins, then grabs all their friends' email addresses, and any other info that is visible to friends. Archive that data and sell that shit off.

Tho you'd need to like spend a whole day at a coffee to get even a worthwhile quantity. Then there's the whole hitting the inbox~