How the Stranger at Starbucks Can Steal Your Facebook Account

Stop into almost any coffee shop in New York and you’ll see dozens of strangers sharing the same unsecured WiFi network.

If you had Firesheep, you could see every time one of these folks signs onto an unsecured site like Facebook or Twitter, than grab their username and password for yourself.

Read Write Web profiled Firesheep today, and the details are startling.

Anyone who logs into a site like Facebook creates a cookie that contains their username and password. This isn’t true for secured sites, like the login to your bank account.

Firesheep was developed by Eric Butler, a freelance software developer from Seattle, who wrote on his blog, “On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy.”

This kind of hacking, known as “sidejacking”, was technically possible before, but Firesheep makes it easy for even the computer illiterate prankster to pull it off in matter of minutes.

“Facebook is constantly rolling out new ‘privacy’ features in an endless attempt to quell the screams of unhappy users,” writes Butler. “But what’s the point when someone can just take over an account entirely?”

bpopper [at]


Hacking with Firesheep is as simple as:


firesheep 1


firesheep 2


firesheep 3 How the Stranger at Starbucks Can Steal Your Facebook Account