The Privacy Blog: Privacy, Security, Cryptography, and Anonymity

Jul/10

2

Facebook Session Hijack Video

We discovered a major security hole in Facebook almost by accident. The exploit is so trivial I can’t justify calling it hacking. Any time you are on an open WiFi network and accessing Facebook, anyone else on the same network can easily grab your credentials and access Facebook as you, with full access to your account.

We have posted a video demonstrating this to YouTube as well as putting it in the Anonymizer Labs section of our website.
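
A defensive check for the exposure described above, as an added example that is not part of the original post: a session cookie can be read by others on an open network whenever the browser sends it over plain HTTP, which the `Secure` cookie attribute and HSTS are designed to prevent. The header values and the cookie name `session_id` are constructed for illustration and are not taken from Facebook.

```python
# Added example: audit response headers for session cookies that a browser
# would send over plaintext HTTP. All header values below are constructed.

def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, attribute dict)."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name, _, _ = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit_headers(headers):
    """Return a list of findings for (header-name, value) pairs."""
    findings = []
    hsts = any(k.lower() == "strict-transport-security" for k, _ in headers)
    if not hsts:
        findings.append("no HSTS: a first request may go out over plain HTTP")
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        # HttpOnly only hides the cookie from scripts; it does nothing
        # against someone reading traffic on the same network.
        if "secure" not in attrs:
            findings.append(f"cookie {name!r} lacks Secure: sent on http:// requests")
    return findings


# Constructed responses: a login that leaves the session cookie exposed,
# and the same login with the cookie restricted to HTTPS.
WEAK = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
]
HARDENED = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly; Secure; SameSite=Lax"),
]

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_headers(hdrs) or "ok")
```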


4 comments

  • rodmar · July 2, 2010 at 8:07 am

    Nice video.

    The real problem here is not the open wifi access but only the fact that Facebook identifies its users with cookies.


    • Author comment by lance · July 2, 2010 at 9:08 am

      I would say it is a combination of the very poor security design of the Facebook cookie authentication combined with the ease of intercept provided by the open WiFi.


  • start · July 8, 2010 at 2:28 am

    I agree with you, Lance, the security design of Facebook is ugly!!!


  • Terrance · November 18, 2010 at 2:03 pm

    What’s the software programme used to see the raw wi-fi traffic?
