• cbarrick@lemmy.world
    link
    fedilink
    English
    arrow-up
    33
    ·
    11 months ago

    Back in undergrad, before Facebook went HTTPS only, I would setup “free wifi” and steal people’s cookies for shits and giggles. Use the cookies to authenticate with FB and send random messages to people.

    Looking back, I probably shouldn’t have been doing that. Definitely illegal.

    • AwkwardLookMonkeyPuppet@lemmy.world
      link
      fedilink
      English
      arrow-up
      13
      arrow-down
      1
      ·
      11 months ago

      They were just barely starting to get serious about legislating cyber security, so you were only maybe breaking some laws. I remember in the 90’s it was a lawless land. There were no laws against hacking, or at least none that anyone understood, and most sites had terrible security. I gained access to someone’s Hotmail once just by trying “anon/anon” as a user/pass combo. I also used to gain access to e-commerce customer databases just by googling certain SQL strings. I’d poke around and then send the webmaster an email letting them know their site was vulnerable.

      • Hasherm0n@lemmy.world
        link
        fedilink
        arrow-up
        4
        ·
        11 months ago

        Firesheep!

        That plugin and others that came after, was one of the things that finally got websites to start using https on everything, not just the log in page.