Back in undergrad, before Facebook went HTTPS only, I would setup “free wifi” and steal people’s cookies for shits and giggles. Use the cookies to authenticate with FB and send random messages to people.
Looking back, I probably shouldn’t have been doing that. Definitely illegal.
They were just barely starting to get serious about legislating cyber security, so you were only maybe breaking some laws. I remember in the 90’s it was a lawless land. There were no laws against hacking, or at least none that anyone understood, and most sites had terrible security. I gained access to someone’s Hotmail once just by trying “anon/anon” as a user/pass combo. I also used to gain access to e-commerce customer databases just by googling certain SQL strings. I’d poke around and then send the webmaster an email letting them know their site was vulnerable.
Back in undergrad, before Facebook went HTTPS only, I would setup “free wifi” and steal people’s cookies for shits and giggles. Use the cookies to authenticate with FB and send random messages to people.
Looking back, I probably shouldn’t have been doing that. Definitely illegal.
They were just barely starting to get serious about legislating cyber security, so you were only maybe breaking some laws. I remember in the 90’s it was a lawless land. There were no laws against hacking, or at least none that anyone understood, and most sites had terrible security. I gained access to someone’s Hotmail once just by trying “anon/anon” as a user/pass combo. I also used to gain access to e-commerce customer databases just by googling certain SQL strings. I’d poke around and then send the webmaster an email letting them know their site was vulnerable.
Firefox had a plug in for it!!
Firesheep!
That plugin and others that came after, was one of the things that finally got websites to start using https on everything, not just the log in page.
https://xkcd.com/792/