5

In the SU chat yesterday it was raised that the newly released FF plugin Firesheep makes it very easy (obviously it was already possible, just difficult) for an attacker to session sidejack another user.

This is achieved by copying the session cookies from any HTTP transmission that the attacker can see, and then using them to connect to the relevant website and impersonate the target user - this works extremely well on unsecured wireless networks where all packets can be read by anyone within range, but will work in other network configurations as well.

So, from the end-user perspective, what practical measures can be used to protect oneself from this kind of attack?

Ivo Flipse
  • 24,894
DMA57361
  • 18,793

4 Answers

4

The best solution would be to use an encrypted connection from point to point. That is not always an option, though, because some websites do not offer HTTPS on all parts of their website; Facebook, for example, only offers full HTTPS at the login screen but nowhere else. This still allows attackers to capture the victim's session and hijack it.

As mentioned in another answer, you can use an SSH tunnel or VPN to a trusted location if you are currently in a hostile environment that you do not trust. This would then allow you to have an encrypted connection inside of that network so that they cannot decipher your traffic, although they can still capture it.

There are some add-ons available for Firefox, for Greasemonkey and other add-ons, that will change all the links on a page from http to https, which will force some more encryption, but the real problem lies on the website's end, where they should offer a secure connection without you having to do it manually.

EDIT: A tool has been released to flood running FireSheep users on your network, here.

qroberts
  • 5,329
4

BlackSheep

BlackSheep, also a Firefox plugin, is designed to combat Firesheep. BlackSheep does this by dropping ‘fake’ session ID information on the wire and then monitoring traffic to see if it has been hijacked. While Firesheep is largely passive, once it identifies session information for a targeted domain, it then makes a subsequent request to that same domain, using the hijacked session information in order to obtain the name of the hijacked user along with an image of the person, if available. It is this request that BlackSheep identifies in order to detect the presence of Firesheep on the network. When identified, the user will receive the following warning message:

[Image: BlackSheep warning message]

Gareth
  • 19,080
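The decoy-session idea described in the answer above can be sketched as detection logic over observed HTTP requests. This is an added example, not BlackSheep's code and not part of the original answer; the record format, host names, cookie name and IP addresses are constructed assumptions.

```python
import secrets
from http.cookies import SimpleCookie

def make_decoy(host, cookie_name):
    """Create a random session value that no real session will ever use."""
    return {"host": host, "name": cookie_name, "value": secrets.token_hex(16)}

def cookies_of(request):
    """Parse the Cookie header of one observed request into a name -> value dict."""
    jar = SimpleCookie()
    jar.load(request.get("cookie", ""))
    return {name: morsel.value for name, morsel in jar.items()}

def find_decoy_reuse(observed, decoy, own_ip):
    """Return requests that replay the decoy from a source other than the planter."""
    alerts, planted = [], False
    for req in sorted(observed, key=lambda r: r["ts"]):
        if req["host"].lower() != decoy["host"]:
            continue  # decoy is only meaningful for the domain it was planted on
        if cookies_of(req).get(decoy["name"]) != decoy["value"]:
            continue  # ordinary session of some other user
        if req["src"] == own_ip:
            planted = True  # our own request that put the decoy on the wire
        elif planted:
            alerts.append({"src": req["src"], "ts": req["ts"], "path": req["path"]})
    return alerts

# Constructed sample data (hypothetical hosts, cookie name and addresses).
OWN_IP = "192.0.2.10"
DECOY = make_decoy("social.example", "session_id")
OBSERVED = [
    {"ts": 1.0, "src": OWN_IP, "host": "social.example", "path": "/",
     "cookie": f"session_id={DECOY['value']}; lang=en"},
    {"ts": 1.4, "src": "192.0.2.23", "host": "social.example", "path": "/home",
     "cookie": "session_id=0f3c9a; lang=en"},
    {"ts": 2.1, "src": "192.0.2.77", "host": "Social.Example", "path": "/profile",
     "cookie": f"lang=en; session_id={DECOY['value']}"},
    {"ts": 2.5, "src": "192.0.2.77", "host": "other.example", "path": "/",
     "cookie": f"session_id={DECOY['value']}"},
]

if __name__ == "__main__":
    for alert in find_decoy_reuse(OBSERVED, DECOY, OWN_IP):
        print("decoy session replayed by", alert["src"], "at", alert["ts"], alert["path"])
```

Because the decoy value is random and never issued by the site, any other source presenting it must have copied it from the network, so a match is a high-confidence signal rather than a heuristic.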
2

Refusing to use open wireless networks is a start. When you HAVE to, encrypting all data using VPN, SSH tunneling, and similar tools is a good idea. Never explicitly trust an unknown network.

Journeyman Geek
  • 133,878
1

Use Firefox extensions that force SSL mode (like “HTTPS Everywhere” or “force tls”).

Benoit
  • 7,113