How I hacked your Facebook account

Imagine someone got on the loudspeaker at the Denver International Airport and started yelling out over and over again, “my Facebook username is Johnny@gmail.com and my password is jerky123”.

Now the next day when everyone in their mom logged into his account, he would claimed he got hacked. But did he?

Guess what. Every time you are using a public wifi network, password protected or not, you are shouting to the world your username and password to every website you use that is unencrypted.

Right now, as I write this, I am sitting in the denver airport. Its pretty much dead right now. I can see maybe 100 people in the entire terminal.

I just fired up FireFox with the FireSheep extension. Within seconds I have access to various peoples Gmail, Facebook, Yahoo, Hotmail. Amazon, Hotmail, and virtually every possible service known to man.

Keep in mind FireSheep is just a Firefox plugin (Google it) that has been downloaded millions of times. This plugin is totally passive network monitoring at its easiest. Its been pre-programmed to sniff for certain usernames of passwords for pre-defined sites.

There are TONS of tools that will show you a lot more stuff.

As you can see here I accessed someones Facebook account… read some messages. Its great for passing spare time:

Google accounts are just as easy to get into using the brainless Firesheep extension. I don’t ever do anything malicious… Just maybe set people’s search results to Vietnamese or something:

If you are using a public network of any kind, wifi or not, expect many people see everything you are doing.

You didn’t just get hacked. You are yelling to anyone that can hear you your username and passwords.

So how do you become more secure? Well for starters you should always tunnel your traffic through a ssh connection, vpn, or another secure method.

But I know 99.9% of my readers probably don’t know what a VPN is much less will be able to configure one.

So lets start with the basics.

To make your Gmail account secure change this setting:

To make all your Google Searches secure use this – https://www.google.com (I set it as my homepage).

To make your Facebook surfing secure change this setting in your account preferences:

:

Any place you are not using https:// in the front of the url you are at you should expect everyone is watching what you are doing.

Keep in mind this was at a airport where nobody was using computers….

Imagine what I see at a internet conference…..

119 Comments