Hackers claim that social notworking site Facebook is pulling the wool over users’ eyes when it claims to have fixed the Firesheep hack.
Yesterday the social notworking site claimed it had made a security tweak that can kill off the Firesheep wireless networking attack which was penned by security researcher Eric Butler.
Facebook’s answer to this was to allow users to sign on using an HTTPS secure Web connection – this also encrypts the data sent between the PC and Facebook so that it can’t be sniffed in a wireless hack.
However, according to some comments we have seen on certain dodgy hacking sites, the change to HTTPS will not do much to stop the wave of killer sheep hacks.
One hacker told us that Firesheep is not particularly interested in your initial login attempt and works by stealing the cookie that contains your browsing session afterwards.
The cookie is sent unencrypted on every HTTP request when you browse Facebook. So Firesheep will work until Facebook encrypts its cookies.
If he is right, it seems that Facebook has protected the wrong end of the networking transaction, shutting the wrong door and allowing the sheep to bolt out of the one it was always planning to leave by.
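As an added illustration (not code from the article, Facebook or Firesheep), this Python check models the exposure described above: a session cookie set during an HTTPS login but lacking the `Secure` attribute is still attached to later plain-HTTP requests, where it crosses the wireless network in the clear. The host `social.example`, the cookie name `session_id` and its values are constructed, and domain and path matching is left out so that only the scheme rule is shown.

```python
from urllib.parse import urlsplit

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip() or True  # flag attrs -> True
    return name.strip(), value.strip(), attrs

def sent_with(url, attrs):
    """Scheme rule only: a Secure cookie is attached to https requests only."""
    return urlsplit(url).scheme == "https" or "secure" not in attrs

def audit(set_cookie_headers, later_urls):
    """Return (cookie name, [plain-HTTP URLs that would carry it]) per exposed cookie."""
    findings = []
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        exposed = [u for u in later_urls
                   if urlsplit(u).scheme == "http" and sent_with(u, attrs)]
        if exposed:
            findings.append((name, exposed))
    return findings

# Constructed sample data: Set-Cookie headers returned by an HTTPS login page.
LOGIN_ONLY_HTTPS = ["session_id=CONSTRUCTED-TOKEN; Path=/; HttpOnly"]
HARDENED = ["session_id=CONSTRUCTED-TOKEN; Path=/; Secure; HttpOnly"]

# Constructed sample of pages the user visits after logging in.
LATER_URLS = ["http://social.example/home", "https://social.example/settings"]

if __name__ == "__main__":
    for label, headers in (("login-only HTTPS", LOGIN_ONLY_HTTPS),
                           ("Secure cookie", HARDENED)):
        findings = audit(headers, LATER_URLS)
        if not findings:
            print(f"{label}: session cookie never leaves HTTPS")
        for name, urls in findings:
            print(f"{label}: '{name}' sent in cleartext to {urls}")
```

The `Secure` attribute only keeps the cookie off plain-HTTP requests; the site still has to serve the rest of the session over HTTPS for the user to stay logged in.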