It would seem very unlikely for a hacker to be sitting on your local network, stealthily stealing passwords using scripts through Wireshark or sifting through your files. But with the new Android program FaceNiff, password sniffing becomes a very real possibility.
FaceNiff can be downloaded straight off the internet onto an Android phone, and with the press of a button it will start 'sniffing' passwords off Facebook, Twitter, YouTube, Amazon and Nasza-Klasa from the local network. I decided that this was too easy to be true, and gave the program a shot. Sure enough, within seconds I could gain access to Facebook accounts. By pressing one of these accounts, you are taken to their Facebook home page, and I even tested it out by posting as my friend. Everything worked perfectly!
Of course, with any Android user now having the ability to gain access to Facebook, this brings up the issue of security. Not only is this application extremely easy to use, it has made hacking portable, and thus increases the risk exponentially.
To prevent an Android user from gaining access to your Facebook, you can increase the security of your Facebook account simply through the account settings.
1. Log onto Facebook.com
2. In the upper right-hand corner, click on 'Account' and press 'Account Settings' from the drop-down menu
3. Look for "Account security" and press the 'change' button to the right. Then scroll down, ensure that the checkbox next to the 'Browse Facebook on a secure connection (https) whenever possible' option is checked, and press save.
You're done! You will know this setting is activated if the URL shows 'https://www.facebook.com'.
This should prevent hackers from sniffing your password on Facebook, and thus gaining access to your account. I haven't played around with the other popular services, but I know there is a Firefox extension for helping out with securing your connection whenever possible called HTTPS Everywhere. I don't use Firefox though, so I hope something similar will eventually be rolled out to Google Chrome.
Note: All password sniffing was done with the permission of my local network group.