Posted on: 2010/10/28 7:07
Re: Is xoops Firesheep vulnerable?
In fact, firesheep is not stealing your user and password credentials , but your browser cookies.
Cookies + Same Public IP = HACKED
let me explain a litle bit:
If u are using a Wifi router then u must know that not encripted wifi networks are all vulnerable, but not the encripted ones(not really).
Now the thing is that with WEP the user that has a decrypt key(those that are loged in the router, can access internet) can hear and decrypt any loged user data. They have your cookies.
With Wap and Wap2 this was modified. But in the last defcom conference someone(i dont know who) showed a bug that allowed any loged user to decrypt other loged users data. So they have your cookies too.
So... the things is that firesheep can steal your cookies and then use those cookies to make the site think that is the correct user. Remember that if the 2 users are using the same wifi router u have the same public ip address.
SO: HACKED xD
Bank accounts, facebook accounts, twitter accounts .. . . .. . . .. .
ANYTHING! (Without the correct SSL protection)