Unless you’ve been hiding under a rock for the past few days, you are probably well aware of the recent activity around a new Firefox extension developed by a pair of researchers that brings the issue of session hijacking front and center. The duo behind this extension, Eric Butler and Ian “craSH” Gallagher, developed the software in order to demonstrate the vulnerabilities inherent in many web sites that don’t fully implement encryption. The browser extension, dubbed “Firesheep“, essentially enables an attacker to grab other people’s credentials and use them to gain access to various web sites.
Continue reading “The Misconceptions of Sidejacking with Firesheep”