FireShepherd Unleashed to Counter FireSheep Attacks


And so, let the plug-in/counter-plug-in war commence! In the past week or so, a lot has been said and written about FireSheep attacks, particularly in relation to public wireless networks, which most users have generally perceived as safe. When it was recently announced that Google had accidentally collected emails, usernames and passwords with its Street View cars, one would not have thought we would be talking about a similar incident so soon afterwards. Stealing passwords is not exactly a new phenomenon: ARP spoofing, for example, which allows data to be surreptitiously routed through a rogue computer on a network, has been known to be exploited for over a decade. What makes FireSheep different from these other point-and-click tools and login hijackers is its simplicity and the fact that it does not require significant technical knowledge on the part of the user.

What is FireSheep?

FireSheep is a free, open-source Firefox add-on (plug-in) created by Seattle-based software developer Eric Butler. It allows anyone to scan unprotected/open WiFi networks and spy on the activities of other users of that network who are logged into any of 26 major Web 2.0 websites, such as Amazon, Facebook, Foursquare, The New York Times, Evernote, Dropbox, Windows Live, Twitter, Google, Bit.ly and Flickr. In other words, FireSheep allows anybody to impersonate others by hijacking their session cookie.

Screenshot 1 of FireSheep

Recently announced by Butler at the Toorcon 12 security conference, the plug-in is simple and user-friendly, and works on Mac OS X and Windows, with a Linux version reportedly on its way.
After installation, FireSheep adds a sidebar to the Firefox browser that captures login data and shows when anyone on an open network, such as at an airport or coffee shop, visits an insecure site. A simple double-click then gives instant access to the logged-on sites.

How Does FireSheep Work?

FireSheep takes advantage of poor security on the part of websites that rely on cookies for authentication. While a user's initial username and password may be protected by SSL encryption, the cookie the site uses after a successful login is usually not protected or encrypted. This leaves the cookie vulnerable: with a single click over an open WiFi connection, the unprotected cookie can be hijacked to take over the user account for that session.

A cookie consists of small bits of information stored on a user's computer by a Web browser to keep login sessions going. It keeps the user logged in without having to identify him/herself again.

This means that anybody with that cookie, from the same IP address such as a public WiFi hotspot at an airport or coffee shop, can pretend to be the user, which makes it easy to intercept any session that is displayed in the FireSheep sidebar.
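The gap described above (login over SSL, session cookie afterwards exposed) can be checked for from the site owner's side. The following is an added example, not part of the original article: it audits a recorded login flow for cookies that would cross the network unencrypted. The host name, cookie values and flows are constructed, and cookie scoping is simplified to an exact host match.

```python
from urllib.parse import urlsplit

def parse_set_cookie(header):
    """Split a Set-Cookie header value into (name, lower-cased attribute dict)."""
    first, *rest = [p.strip() for p in header.split(";")]
    name, _, _value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs

def audit_flow(responses):
    """responses: list of (url, {header: [values]}) in the order received.
    Returns (cookie name, reason) for cookies readable on an open network."""
    findings = []
    jar = {}  # (host, cookie name) -> True if the cookie carries Secure
    for url, headers in responses:
        parts = urlsplit(url)
        host, scheme = parts.hostname, parts.scheme
        # A browser attaches stored cookies without Secure to plain-HTTP requests.
        # Assumption: exact host match only (Domain/Path scoping is ignored).
        if scheme == "http":
            for (c_host, name), secure in jar.items():
                if c_host == host and not secure:
                    findings.append((name, f"sent in cleartext to {url}"))
        for value in headers.get("Set-Cookie", []):
            name, attrs = parse_set_cookie(value)
            secure = "secure" in attrs
            jar[(host, name)] = secure
            if scheme == "http":
                findings.append((name, f"set over cleartext by {url}"))
            elif not secure:
                findings.append((name, "set over HTTPS without Secure attribute"))
    return findings

# Constructed flow: SSL-protected login, then the site drops back to HTTP.
SAMPLE_FLOW = [
    ("https://shop.example/login", {"Set-Cookie": ["session=abc123; Path=/; HttpOnly"]}),
    ("http://shop.example/home", {}),
]
# Constructed corrected flow: Secure cookie and HTTPS for every page.
HARDENED_FLOW = [
    ("https://shop.example/login", {"Set-Cookie": ["session=abc123; Path=/; HttpOnly; Secure"]}),
    ("https://shop.example/home", {}),
]

if __name__ == "__main__":
    for name, reason in audit_flow(SAMPLE_FLOW):
        print(f"{name}: {reason}")
```
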

Limitations of FireSheep

As with every other form of HTTP session hijacking, the hacker can access and use the victim's cookies to browse a site such as Facebook, but this is unlikely to expose the user's password. Thus, the account cannot be stolen by changing the password.


3 Comments

  1. Pingback: Tweets that mention FireShepherd Unleashed to Counter FireSheep Attacks

  2. Find a Free Cell Phone

    November 2, 2010 at 10:07 pm

    Sounds to me like the Firefox plug-ins would probably be your best bet. I don’t know how much I would trust something designed by a college student in Iceland.

  3. Computers Smart Phones Technology

    November 4, 2010 at 7:33 pm

    I will download it for a test, to know how it works. Thanks for sharing it.
