Firesheep
- Thread starter Grapes Of Wrath
- Start date
http://blogs.computerworld.com/17228/firesheep_firefox_extension_opens_fire_on_sheep_browsers
this what you're talking aboot?
this what you're talking aboot?
http://www.jardinesoftware.net/2010/10/31/firesheep-whats-the-hype/
What does it do?
Firesheep takes the work out of session hijacking of many popular social networking type sites (see Session Hijacking Below). When a user logs into Facebook or many other sites, they log in via a secure connection (https
. This is, of course, to protect your password from being sent in clear text across the network for an attacker to grab. Once you are logged in successfully, many sites will switch the user back over to an un-secure connection (http. The idea here is to increase performance because there is no need to deal with the security (encryption).
Firesheep puts an easy to use interface onto a packet sniffer designed to look for specific traffic. This traffic is not Passwords, it is cookies. The tool looks for the session cookies, once the site drops back down to an un-secure channel. Once it finds the cookie it accesses the active session and pulls down an image (if available) and the user’s name from the site the cookie is for. These items are then displayed in a side bar for the user. When the user double-clicks an account, it navigates to that site as that user taking over their session.
It is important to note that this tool takes advantage of a websites inability to secure all of its traffic. If these sites implemented SSL on all pages, this would not even work.
What is the hype?
The hype is that the tool allows my mother to do something that she would normally have no idea how to accomplish. Users can session hijack with no knowledge of how that concept even works. The impact of this really depends on the site being hijacked. Some sites, like Amazon, may let you cross between secure and non-secure sessions, but to do any administrative functions for your account, you need a secure session id. This id is not available during the non-secure communications. Other sites might make you re-authenticate before doing things like changing your password, but might let you post items or send/read emails. The tool targets very well known, widely used sites. Sites like Google, Amazon, bit.ly, and Facebook are used by millions of users every day. As mentioned, some of these have a greater impact than others. Does this mean stop using the sites? No, although we need to push these operators to take security seriously and implement safeguards to protect our information.
What does it do?
Firesheep takes the work out of session hijacking of many popular social networking type sites (see Session Hijacking Below). When a user logs into Facebook or many other sites, they log in via a secure connection (https
. This is, of course, to protect your password from being sent in clear text across the network for an attacker to grab. Once you are logged in successfully, many sites will switch the user back over to an un-secure connection (http. The idea here is to increase performance because there is no need to deal with the security (encryption).Firesheep puts an easy to use interface onto a packet sniffer designed to look for specific traffic. This traffic is not Passwords, it is cookies. The tool looks for the session cookies, once the site drops back down to an un-secure channel. Once it finds the cookie it accesses the active session and pulls down an image (if available) and the user’s name from the site the cookie is for. These items are then displayed in a side bar for the user. When the user double-clicks an account, it navigates to that site as that user taking over their session.
It is important to note that this tool takes advantage of a websites inability to secure all of its traffic. If these sites implemented SSL on all pages, this would not even work.
What is the hype?
The hype is that the tool allows my mother to do something that she would normally have no idea how to accomplish. Users can session hijack with no knowledge of how that concept even works. The impact of this really depends on the site being hijacked. Some sites, like Amazon, may let you cross between secure and non-secure sessions, but to do any administrative functions for your account, you need a secure session id. This id is not available during the non-secure communications. Other sites might make you re-authenticate before doing things like changing your password, but might let you post items or send/read emails. The tool targets very well known, widely used sites. Sites like Google, Amazon, bit.ly, and Facebook are used by millions of users every day. As mentioned, some of these have a greater impact than others. Does this mean stop using the sites? No, although we need to push these operators to take security seriously and implement safeguards to protect our information.
even moar fun.... blacksheep
http://research.zscaler.com/2010/11/blacksheep-tool-to-detect-firesheep.html
kind of a lame name but nice to be able to see other firesheep users
http://research.zscaler.com/2010/11/blacksheep-tool-to-detect-firesheep.html
kind of a lame name but nice to be able to see other firesheep users
