FaceNiff app for Android puts Facebook hacking in the palm of your hand (and we tell you how to avoid it)
By Tim Hanlon
June 2, 2011
We brought news of Eric Butler's Firefox extension for HTTP session hijacking called Firesheep back in October last year, but if you haven't already taken steps to ensure your privacy and security online, we hope this does the trick - FaceNiff is a new Android app that can be used to hijack sessions on public or private Wi-Fi networks without needing to lug around a laptop.
FaceNiff currently "supports" Facebook, Twitter, YouTube, Amazon and Nasza-Klasa (a Polish social network), though more services are promised. Thankfully, the app only works on a select few handsets and requires jailbreaking, so it's not a complete free-for-all just yet.
Regardless of exactly how many people are using these tools, you should be protecting yourself - waiting until you get hacked could be incredibly embarrassing or even costly. Facebook and Twitter both allow you to enable secure HTTP (HTTPS) sessions by default, which renders tools like these useless.
On Facebook, go to the Account menu, select Account Settings, press "change" next to Account Security and tick the Secure Browsing (https) box.
On Twitter, go to your Account Settings and tick the HTTPS Only box.
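Why those HTTPS settings matter, as an added example that is not part of the original article: this Python sketch audits response headers for a session cookie that could cross a shared network unencrypted. The function names, finding labels and sample headers are constructed for illustration.

```python
"""Audit HTTP response headers for session exposure on shared Wi-Fi."""

def parse_set_cookie(value):
    """Return (cookie name, set of lowercased attribute names)."""
    first, *rest = [part.strip() for part in value.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {part.partition("=")[0].strip().lower() for part in rest if part}
    return name, attrs

def audit_response(scheme, headers):
    """Return findings for one response; headers is a list of (name, value)."""
    findings = []
    cookies = [parse_set_cookie(v) for k, v in headers if k.lower() == "set-cookie"]
    has_hsts = any(k.lower() == "strict-transport-security" for k, _ in headers)
    for name, attrs in cookies:
        if scheme != "https":
            # Cookie is set over plain HTTP: readable by anyone on the network.
            findings.append(f"cleartext-cookie:{name}")
        elif "secure" not in attrs:
            # Without Secure, the browser also sends it on later http:// requests.
            findings.append(f"missing-secure:{name}")
    if scheme == "https" and not has_hsts:
        # Without HSTS, the browser may still make a first request over HTTP.
        findings.append("no-hsts")
    return findings

# Constructed sample responses (not captured from any real site).
SAMPLES = {
    "http-login": ("http", [("Set-Cookie", "session=abc123; Path=/; HttpOnly")]),
    "https-weak": ("https", [("Set-Cookie", "session=abc123; Path=/; HttpOnly")]),
    "https-hardened": ("https", [
        ("Strict-Transport-Security", "max-age=31536000"),
        ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly"),
    ]),
}

if __name__ == "__main__":
    for label, (scheme, headers) in SAMPLES.items():
        print(label, audit_response(scheme, headers) or "ok")
```
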
One surefire way to use all your favorite websites on public Wi-Fi without concern is to invest in a virtual private network (VPN) service like StrongVPN. This allows you to tunnel all your network activity over an encrypted connection, safe from tools like Firesheep and FaceNiff, and has the added bonus of bypassing censorship if you're in a country that restricts access to websites.