Here in Metro Manila you can access a lot of free and open wireless networks in heavily populated areas such as malls, cafes, restaurants and hotels. There are drawbacks to using these handy services, and one of them is what is called HTTP session hijacking or “sidejacking”.
In sidejacking, sniffers can ride into your unsecured HTTP sessions on sites like Facebook and Twitter and gain access to your account. These sites require login over an unsecured protocol, and those credentials are stored in cookies which are then made available over the network. People can’t know your password, but they can hijack your Facebook session and do all sorts of nasty things like put “I suck” as your status.
Eric Butler, a US web application developer, created a plugin called FireSheep that allows anyone using Firefox over a public wireless network to sniff HTTP sessions and trick the website into giving access to the session without asking for passwords. He created this plugin to force popular networking sites like Facebook to use secure HTTP (HTTPS) when logging in, similar to what email and payment services are using.
It doesn’t matter whether you’re on a secured network or not: as long as it’s public and you don’t know who else is on the same network, avoid using Facebook and other unsecured sensitive sites. If you just need to tweet on Twitter, practice logging out afterwards. Or use your own 3G connection if you can.
Facebook, Twitter, Flickr, etc… please upgrade your security.
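What that upgrade looks like from the site's side, as an added example that is not part of the original post: a small Python audit that flags session cookies a sniffer on the same network could read, because they are set over plain HTTP or lack the `Secure` attribute. The URLs and cookie values are constructed samples, and `parse_set_cookie` and `audit` are hypothetical helper names.

```python
from urllib.parse import urlsplit

# Constructed sample responses (URL, Set-Cookie header); not captured from any real site.
SAMPLE_RESPONSES = [
    ("https://social.example/login", "session_id=abc123; Path=/; HttpOnly"),
    ("https://social.example/login", "csrf=xyz789; Path=/; Secure; SameSite=Strict"),
    ("http://photos.example/home", "auth=deadbeef; Path=/; Secure; HttpOnly"),
    ("https://mail.example/inbox", "sid=0a1b2c; Path=/; Secure; HttpOnly; SameSite=Lax"),
]


def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, lower-cased attribute dict)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, _value = first.partition("=")
    attrs = {}
    for part in rest:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit(responses):
    """Return (url, cookie name, reasons) for every cookie exposed to sniffing."""
    findings = []
    for url, header in responses:
        name, attrs = parse_set_cookie(header)
        reasons = []
        # A cookie delivered over http:// crosses the network in the clear.
        if urlsplit(url).scheme != "https":
            reasons.append("set over plain http")
        # Without Secure, the browser also sends it on any later http:// request.
        if "secure" not in attrs:
            reasons.append("no Secure attribute")
        if reasons:
            findings.append((url, name, reasons))
    return findings


if __name__ == "__main__":
    for url, name, reasons in audit(SAMPLE_RESPONSES):
        print(f"{name} from {url}: {', '.join(reasons)}")
```
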