Posted by: kurtsh | October 30, 2010

INFO: "Firesheep" – A good reason to always access the Internet using a VPN

It’s often trivial to hijack someone’s session with a non-SSL’ed web site over an unencrypted, non-VPNed pipe once the initial authentication is completed. Most of the time, the communication after the initial user authentication is in the clear.

Facebook, Twitter and Flickr sessions, for example, can all be easily hijacked using a simple Firefox browser plugin called “Firesheep” that was announced in San Diego a week ago:


ABOVE: Firefox for Windows using the Firesheep plug-in. After detecting unencrypted sessions with Google, Facebook & Twitter, it completely hijacks a Facebook session.

It’s made it “script-kiddie simple” to hijack (READ: Impersonate) someone else’s fully logged in web browsing session with a web server on the Internet.  The steps are simple:

  1. Install Firesheep
  2. Connect to a network using the Firesheep sidebar.  A list of open users with insecure connections will be displayed.
  3. Double click on a user. Everything they see is now in your browser. You have full control over their session.

You can now submit Tweets on their behalf, Facebook updates, photos into Flickr, etc.

NOTE: This requires a network adapter (wireless) that may need to be switched to “promiscuous mode”, a driver setting for the NIC. It also doesn’t appear to work on Windows 7 x64 or Windows XP in a virtual machine.

MORAL: Don’t use public networks without establishing a VPN first. This goes for surfing, emailing, using applications with their own Web APIs like TweetDeck or MetroTwit, etc.
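A site operator can check their own traffic for the pattern described above: a protected login followed by a session that continues in the clear. The Python below is an added example, not code from the original post or from Firesheep; it assumes the session is carried in a cookie, and the `audit` function, its field names and the `social.example` capture are constructed for illustration.

```python
from urllib.parse import urlsplit


def parse_set_cookie(header):
    """Return (name, set of lower-cased attribute names) for one Set-Cookie value."""
    first, *attrs = [part.strip() for part in header.split(";")]
    name = first.split("=", 1)[0]
    return name, {a.split("=", 1)[0].lower() for a in attrs if a}


def audit(exchanges):
    """Flag cookies that can leave the TLS-protected part of a session."""
    findings = []
    set_over_tls = set()  # names of cookies issued on an https:// response
    for ex in exchanges:
        scheme = urlsplit(ex["url"]).scheme
        # A plain-HTTP request that replays a cookie issued under TLS is
        # readable by anyone on the same unencrypted network.
        for name in ex.get("cookies_sent", []):
            if scheme == "http" and name in set_over_tls:
                findings.append(("sent-in-clear", name, ex["url"]))
        for header in ex.get("set_cookie", []):
            name, attrs = parse_set_cookie(header)
            if scheme == "https":
                set_over_tls.add(name)
            # Without the Secure attribute the browser will also attach
            # the cookie to http:// requests for the same site.
            if "secure" not in attrs:
                findings.append(("no-secure-flag", name, ex["url"]))
    return findings


# Constructed capture: login over HTTPS, then the site drops back to HTTP.
SAMPLE = [
    {"url": "https://social.example/login", "cookies_sent": [],
     "set_cookie": ["sid=7f3a; Path=/; HttpOnly", "csrf=91bc; Path=/; Secure"]},
    {"url": "http://social.example/home", "cookies_sent": ["sid"],
     "set_cookie": []},
    {"url": "https://social.example/settings", "cookies_sent": ["sid", "csrf"],
     "set_cookie": []},
]

if __name__ == "__main__":
    for kind, cookie, url in audit(SAMPLE):
        print(f"{kind:15} {cookie:5} {url}")
```

Both findings for `sid` go away only when the cookie is marked `Secure` and the whole session, not just the login, is served over HTTPS.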

