June 4, 2011

The Ability to Hijack Facebook/Twitter Accounts.

Just like Firesheep, Faceniff allows someone to hijack the session cookies for FB over wifi. In doing so, you have full access to that person's FB session, profile, messages, etc. This program also works on Twitter.

One of the basic aspects of any site is just that: security. With Sony's multiple hacks, and the revelation that they are storing passwords in plain text, it goes to show you how seriously security is taken at a lot of companies.

Though Firesheep has been out for a while, Faceniff is a new app for Android phones. It currently works on just about all versions of wireless encryption. It doesn't, however, work phone to phone, only phone to PC, as the phones actually encrypt the data as it leaves. However, the guy that made this app states he may include SSL stripping. Personally, I don't want to see that, but it's not mine.

I was able to use this app as a test with a friend at work, with his permission. Took over his account and posted as him on his FB. He laughed, then said, don't do it again!! lol

I can see a lot of useful things for this. But we all know where this type of app ends up and who uses it.

One way around this, until sites like Facebook and Twitter start encrypting session cookies, is to use auto SSL to connect. Since this app cannot yet connect to or read the SSL sessions, that will keep you safe.

For now!
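To see whether a site actually keeps its session cookie off the air, you can look at the response headers it sends. The sketch below is an added example, not part of the original post or of any tool mentioned here; the header sets and cookie names are constructed. It flags cookies that travel in cleartext or lack the `Secure` attribute, and checks for an HSTS header, which tells the browser to refuse plain HTTP for the site and so matters if SSL stripping ever arrives.

```python
def parse_set_cookie(value):
    """Return (cookie name, set of lowercased attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_cookies(scheme, headers):
    """Map each cookie name to the reason someone on the same Wi-Fi could read it."""
    findings = {}
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if scheme == "http":
            findings[name] = "cleartext"        # the cookie itself crossed the air unencrypted
        elif "secure" not in attrs:
            findings[name] = "missing-secure"   # browser will also attach it to http:// requests
    return findings


def has_hsts(scheme, headers):
    """HSTS only counts on an HTTPS response; browsers ignore it over plain HTTP."""
    return scheme == "https" and any(
        k.lower() == "strict-transport-security" for k, _ in headers)


# Constructed sample responses (cookie names and values are made up).
PLAIN = [("Content-Type", "text/html"),
         ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly")]
MIXED = [("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
         ("Set-Cookie", "prefs=dark; Path=/; Secure")]
HARDENED = [("Strict-Transport-Security", "max-age=31536000"),
            ("Set-Cookie", "session_id=abc123; Path=/; Secure; HttpOnly")]

if __name__ == "__main__":
    for label, scheme, hdrs in (("plain", "http", PLAIN),
                                ("mixed", "https", MIXED),
                                ("hardened", "https", HARDENED)):
        print(label, audit_cookies(scheme, hdrs), "HSTS:", has_hsts(scheme, hdrs))
```

An empty result together with HSTS present is what you want to see for the cookie that carries the login session.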


