Zscaler Develops Free Tool to Detect Firesheep Snooping

A security company has developed a free Firefox add-on that warns when someone on the same network is using Firesheep, a tool that has raised alarm over how it simplifies an attack against a long-known weakness in Internet security.

By Jeremy Kirk, IDG News
Firesheep, which was unveiled at the ToorCon security conference in San Diego last month by Eric Butler, collects session information that is stored in a Web browser’s cookie. The session information is easily collected if transmitted back and forth between a user’s computer and an unencrypted Wi-Fi router while a person is logged into a Web service such as Facebook.

While most Web sites encrypt the traffic transmitted when logging into a Web site, indicated by the padlock on browsers, most then revert to passing unencrypted information during the rest of the session, a weakness that security analysts have warned of for years, particularly for users of public open Wi-Fi networks.

Firesheep identifies that unencrypted traffic and allows an interloper to “hijack” the session, or log into a Web site as the victim, with just a couple of clicks. The style of attack has been possible for a long time, but because of its simple design, Firesheep has given less-sophisticated users a powerful hacking tool.

Zscaler’s The Blacksheep add-on, however, will detect when someone on the same network is using Firesheep, allowing its users make a more informed security decision about their behavior while on an open Wi-Fi network, for example.

Once Firesheep has intercepted someone’s session credentials for a Web site, it makes a request to that site using the same cookie values. Blacksheep plays on this by making HTTP requests every five minutes to those sites monitored by Firesheep — but using fake cookie values. If Blacksheep then detects Firesheep making a request to the site using the same fake cookie values, it can raise a warning, Zscaler said.

Security analysts have recommended that Web sites encrypt all traffic, but many sites have been unwilling to do it because of the extra processing power needed to maintain encryption. However, there has been progress: In January, Google turned on HTTPS encryption for all users of its Gmail service, where previously it had only been an option.

Other defenses against Firesheep include simply not using open Wi-Fi networks. If that’s not an option, the Electronic Frontier Foundation built a Firefox add-on called “HTTPS Everywhere,” which will automatically trigger an encrypted session with those Web sites capable of providing one. A VPN connection can also thwart attacks.

Keep fighting back

Skicat

 

 

Advertisements

About skicat56

Snow Sports Industry veteran – Husband – Father – Network IT Ninja & Former Powncer. Old enough to know better but young enough to start a new career.
This entry was posted in Firefox, Privacy, Security and tagged , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s