Sorry for the lack of updates recently, I've been rather busy, but I've got a few posts in the pipeline!
Anyway, I've been having a bit of fun trolling my friends with DroidSheep today. DroidSheep is an app for Android that can hijack the sessions of other users on a wireless network. A better explanation is on the DroidSheep website:
"DroidSheep reads all the packets sent via the wireless network and captures this session token, which allows you to use this session token as yours and make the web application think you are the person identified by this token. There is no possibility for the server to determine if you’re the correct person or not."
It's similar to the Firesheep Firefox extension, and although it isn't the first session hijacker for Android (FaceNiff does the same thing), it can hijack more services than FaceNiff. DroidSheep is very easy to use: it literally takes 2 button presses and you've hijacked someone's Facebook/Twitter/Amazon/whatever account.
It is quite worrying how easily it can hijack sessions. But one way to prevent hijacking is to enable HTTPS on each of your services or to use a VPN.
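For anyone running a site, here is an added example (not from DroidSheep or its website) of a check for cookies that would cross the network in cleartext. It flags any cookie set over plain HTTP or without the Secure attribute, since a browser will also send such a cookie on http:// requests. The host and cookie names are constructed for illustration.

```python
from urllib.parse import urlsplit


def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, attributes dict)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit_response(url, set_cookie_headers):
    """Return {cookie_name: [reasons]} for cookies a passive listener could read."""
    findings = {}
    scheme = urlsplit(url).scheme.lower()
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        reasons = []
        if scheme != "https":
            reasons.append("set over plaintext HTTP")
        if "secure" not in attrs:
            reasons.append("no Secure attribute")
        if reasons:
            findings[name] = reasons
    return findings


# Constructed sample responses (hypothetical host and cookie names).
SAMPLES = [
    ("http://shop.example/login", ["sid=abc123; Path=/; HttpOnly"]),
    ("https://shop.example/login", ["sid=abc123; Path=/; HttpOnly"]),
    ("https://shop.example/login",
     ["sid=abc123; Path=/; Secure; HttpOnly", "theme=dark; Path=/"]),
]


def run_samples():
    return [audit_response(url, headers) for url, headers in SAMPLES]


if __name__ == "__main__":
    for (url, _), result in zip(SAMPLES, run_samples()):
        print(url, result or "ok")
```

The second sample is the case that is easy to miss: the login page is HTTPS, but the session cookie lacks Secure, so any later http:// request to the same host still exposes it.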
You can get DroidSheep here.