Firefox add-on causes more security concerns for website users
There have been a growing number of concerns over privacy on social networking websites such as Facebook in recent months, and the development of a new Firefox add-on may have made it worse. The Wall Street Journal reports that users of the popular web browser now have the option to run the add-on program Firesheep, which may allow users to sign on to Facebook, Twitter and other sites while posing as someone else.
The developer of the program, Eric Butler, says that it works because Firesheep is designed to intercept cookies that are used by social networking sites to identify their members. If a user is on a shared wireless network, those with the add-on can grab cookies of other users and possibly impersonate them. Butler said at recent conference in San Diego, California, that he developed the program to expose some of the most egregious gaps in security on the most highly visited websites.
According to the news source, University of North Carolina student Jarrard Cole recently tried out the application at the school's library. The program gathered information from 40 to 50 Facebook, Yahoo Mail, Google and Flickr users. He was able to log in as these people and view private information such as chat histories.
"I was just interested to see if it works," Cole told the Journal. "It was very scary."
In light of recent security concerns, both Facebook and Google have reported that they are in the process of making it impossible for programs like Firesheep to strike.
While Butler's creation is a troublesome development, the Seattle-based programmer says that there is a way for the sites to close the security gap. In a post on his blog, Butler wrote that the websites need to fully encrpyt their communications with customers.