Monday, August 1, 2011

Firesheep Makes Facebook Hacking Easy

Recently a new Firefox add-on, Firesheep, has been the cause of thousands of email accounts being hacked. With Firesheep, the hacker can control any account without even knowing the username and password of the desired account. As Facebook is the world's most popular social networking website, it has been the major victim. Firesheep uses an HTTP session hijacking attack to gain unauthorized access to a Facebook or any other account.

What is Session Hijacking?

In an HTTP session hijacking attack, an attacker steals the victim's cookies. Cookies store all the necessary information about one's account; using this information you can hack anybody's account and change his password. If you get the cookies of the victim, you can hack any account the victim is logged into, i.e. you can hack Facebook, Google, Yahoo, Orkut, Flickr etc. or any other email account.
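From the site owner's side, whether a session cookie can be captured this way depends on how the server sets it. The following check is an added example, not part of the original post: it audits one response's headers, and the cookie-name heuristic, issue labels and sample responses are constructed for illustration.

```python
# Added example: audit one HTTP response for the settings that decide
# whether a session cookie travels in cleartext on a shared network.
SESSION_HINTS = ("sess", "sid", "auth", "token")  # assumed naming heuristic

def parse_set_cookie(value):
    """Return (name, attrs); attrs maps lower-cased attribute names to values."""
    first, *rest = [p.strip() for p in value.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs

def audit_response(scheme, headers):
    """Return sorted (subject, issue) pairs for one response's headers."""
    findings = set()
    names = {k.lower() for k, _ in headers}
    # Without HSTS the browser may still make a first request over http://.
    if scheme == "https" and "strict-transport-security" not in names:
        findings.add(("response", "no-hsts"))
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if not any(h in name.lower() for h in SESSION_HINTS):
            continue  # preference cookies are out of scope here
        if scheme != "https":
            findings.add((name, "sent-in-cleartext"))
        if "secure" not in attrs:  # browser will also send it over http://
            findings.add((name, "no-secure-flag"))
        if "httponly" not in attrs:  # readable by scripts in the page
            findings.add((name, "no-httponly-flag"))
    return sorted(findings)

# Constructed sample responses (not captured traffic).
WEAK = ("http", [("Set-Cookie", "session_id=abc123; Path=/")])
MIXED = ("https", [("Set-Cookie", "session_id=abc123; Path=/; HttpOnly")])
HARDENED = ("https", [
    ("Set-Cookie", "session_id=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Strict-Transport-Security", "max-age=31536000"),
    ("Set-Cookie", "lang=en; Path=/"),
])

if __name__ == "__main__":
    for label, resp in (("weak", WEAK), ("mixed", MIXED), ("hardened", HARDENED)):
        print(label, audit_response(*resp))
```

The `MIXED` case is the pattern that leaves users exposed even when the login page itself uses HTTPS: the cookie lacks `Secure`, so it is still sent on any later plain-HTTP request.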

How can a Hacker use Firesheep to Hack a Facebook or any other account?

Now I will tell you how a hacker can use Firesheep to hack a Facebook or any other account. You will need the following things:

Method

1. First of all, download "Firesheep" from the above link and use the "Open with" option in the Firefox browser.

2. Once you have installed Firesheep in the Firefox web browser, click on View at the top, then go to Sidebar and click on Firesheep.

3. Now click on the top-left button "Start capturing" and it will start to capture the session cookies of people on your Wi-Fi network. This will show you a list of those people whose cookies have been captured and who have visited an unsecured website known to Firesheep. Double-click on the photo and you will be logged in instantly.


Getting started with 2-step verification

How it works


Why you should use 2-step verification
2-step verification adds an extra layer of security to your Google Account by requiring you to have access to your phone – as well as your username and password – when you sign in. This means that if someone steals or guesses your password, the potential hijacker still can't sign in to your account because they don't have your phone.


How you sign in with 2-step verification
1. When you want to access Google products from your browser, go to that product and enter your username and password.


2. You'll next be prompted to enter your verification code, which you'll get from your phone. You'll only have to do this once every 30 days if you so choose.

3. Soon after you turn on 2-step verification, non-browser applications and devices that use your Google Account (such as Gmail on your phone or Outlook), will stop working. You'll then have to sign in using your username and a special password you generate for this application. (Don't worry, you'll only have to do this once for each device or application.)


What you’ll need
While 2-step verification requires some web savvy, you only need a few basic items:
  1. A phone that is usually available to you when you sign in. This could be:
    • A standard phone (landline or mobile)
    • Any Android device, BlackBerry device, iPhone, iPod Touch, or iPad that can run the Google Authenticator application
  2. A backup phone that you can use if you lose access to your primary phone. This could be:
    • A work or home phone (landline or mobile)
    • The phone of someone you trust, like a friend or family member.
How to get started
Go to your Accounts settings page and look for the Using 2-step verification link. If you have the link, click it and start the setup process.
If you do not see the link and you are a Google Apps user, you might have to access the 2-step verification setup through a special URL. It is also possible that your domain administrator has not yet set it up for your organization. Check with your domain administrator to find out.


[This post is originally posted @ google]