Firesheep's a Huge Hit with Amateur Hackers
Firesheep, an amateur hacking tool, has been downloaded more than 104,000 times a mere 24 hours after its launch, according to TechCrunch.
Firesheep is a Firefox add-on programmed by Seattle-based software developer Eric Butler, who says he designed the extension to demonstrate the HTTP vulnerability in certain websites (such as Twitter, Facebook, Flickr, Tumblr, and Yelp). The extension basically allows people to view information traded over a public network, in the form of cookies -- when someone logs on to one of the 26 sites in Firesheep's database, their information is vulnerable to being swiped.
Before privacy hawks freak out, it's not quite as bad as it sounds. Because Firesheep uses information swiped from cookies, it won't reveal passwords to any snoopers --just a person's username and session number ID. So, while people might be able to see sensitive information (say, the person's Facebook account), they can't do anything that requires the password (for example, in Amazon, they won't be able to purchase anything or access credit card information).
Furthermore, Firesheep is limited to hacking people on the same network -- so if you're on a password-protected network, only people on that network will potentially be able to get your information. Of course, this means that you should be extra careful while on an open or public Wi-Fi network.
Butler told TechCrunch that the extension was designed to raise security awareness in both users and website administrators:
"Firesheep was written over the course of a few months in spare time but really boils down to a few weeks of work. I originally thought of the idea three or four years ago, but didn't start working on it until this year.
"I went back and forth trying to predict what the reaction might be. Initially before Firesheep was completed I thought there might be moderate interest, but then after doing more research, found a lot of one-off articles discussing this same issue that were essentially ignored. I certainly never expected Firesheep to be the #10 trending search on Google in the US. I've received a ton of great messages from people who are happy that this issue has finally received widespread attention, so after day one I'm happy with the result.
"The attack that Firesheep demonstrates is easy to do using tools that have been available for years. Criminals already knew this, and I reject the notion that something like Firesheep turns otherwise innocent people evil."
Well, it looks like people are definitely taking notice -- the add-on has been downloaded more than 104,000 times since it launched Sunday. The add-on is currently available for Mac OS X and Windows, with Linux support coming soon.