Cookies help us display personalized product recommendations and ensure you have great shopping experience.

By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
SmartData CollectiveSmartData Collective
  • Analytics
    AnalyticsShow More
    data analytics and truck accident claims
    How Data Analytics Reduces Truck Accidents and Speeds Up Claims
    7 Min Read
    predictive analytics for interior designers
    Interior Designers Boost Profits with Predictive Analytics
    8 Min Read
    image fx (67)
    Improving LinkedIn Ad Strategies with Data Analytics
    9 Min Read
    big data and remote work
    Data Helps Speech-Language Pathologists Deliver Better Results
    6 Min Read
    data driven insights
    How Data-Driven Insights Are Addressing Gaps in Patient Communication and Equity
    8 Min Read
  • Big Data
  • BI
  • Exclusive
  • IT
  • Marketing
  • Software
Search
© 2008-25 SmartData Collective. All Rights Reserved.
Reading: What you need to know about the evils of Firesheep (a gateway drug to more evil hacking)
Share
Notification
Font ResizerAa
SmartData CollectiveSmartData Collective
Font ResizerAa
Search
  • About
  • Help
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
SmartData Collective > IT > Security > What you need to know about the evils of Firesheep (a gateway drug to more evil hacking)
Security

What you need to know about the evils of Firesheep (a gateway drug to more evil hacking)

BobGourley
BobGourley
5 Min Read
SHARE


Firesheep is a great new plugin that works in the Firefox browser.  It is easy for you to install, easy to run, and gives you, and just about anyone else, the power to do pure evil using just your browser and a laptop.

With this post I’ll explain some of this evil and offer some thoughts on what it means for CTOs.

First a bit about the code itself, from the author:

When logging into a website you usually start by submitting your username and password. The server then checks to see if an account matching this information exists and if so, replies back to you with a “cookie” which is used by your browser for all subsequent requests.

It’s extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable. HTTP session hijacking (sometimes called “sidejacking”) is when an attacker gets a hold of a user’s cookie, allowing them to do anything the user can do on a particular website. On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy.

This is a widely known problem that has been talked about to death, yet very popular websites continue to fail at protecting their users. The only effective fix for this problem is full end-to-end encryption, known on the web as HTTPS or SSL. Facebook is constantly rolling out new “privacy” features in an endless attempt to quell the screams of unhappy users, but what’s the point when someone can just take over an account entirely? Twitter forced all third party developers to use OAuth then immediately released (and promoted) a new version of their insecure website. When it comes to user privacy, SSL is the elephant in the room.

The author of this code has done the entire community a service.  Sites like Facebook can build in better ways to secure user login information and can also do a better job of educating users on the dangers of passing their login info in the clear.

Here is my experience with Firesheep:

  • Like many others I learned of this through my social media friends (Thanks Chris and Kirby).
  • I downloaded it and installed it on my home computer and tested it on my own encrypted LAN to see what it could see from computers on my own network.  It was incredibly easy to load and use and I saw results almost instantly.  Websites that were open in other windows on other computers that needed to authenticate for any reason caused events where login info was captured.  When it is captured, you just click on an icon and the system logs you into the captured account.
  • I put it on my laptop and took it to a Virtualization, Cloud Computing and Green IT conference.  When I joined the open LAN at the Hyatt.  A couple logins were returned.
  • Testing the environment at Barnes and Noble returned far more results.  Dozens of logins of my fellow coffee drinkers were returned.  All it would take would be one click of my mouse and I would be in their Facebook accounts, reading messages, sending messages, changing photos and doing other evil.  I didn’t, of course, but the fact is I could have.

So, what should CTOs know about Firesheep?

  • I recommend any techie or security professional download it yourself. It will be good to see how it works.
  • Review of the site of Eric Butler at: http://codebutler.com/firesheep It is very educational and worth a review.
  • I would also recommend every reader of this blog think through what non techies you should tell about this and what you should say.  We should all warn our families and friends not to use public wifi without protection.  There are ways to protect yourself using proxy, for example, but the best way is probably to travel with your own comms (I use a MiFi).

Thoughts?

 

Firesheep screengrab from http://codebutler.com/firesheep

TAGGED:hacking
Share This Article
Facebook Pinterest LinkedIn
Share

Follow us on Facebook

Latest News

data analytics and truck accident claims
How Data Analytics Reduces Truck Accidents and Speeds Up Claims
Analytics Big Data Exclusive
predictive analytics for interior designers
Interior Designers Boost Profits with Predictive Analytics
Analytics Exclusive Predictive Analytics
big data and cybercrime
Stopping Lateral Movement in a Data-Heavy, Edge-First World
Big Data Exclusive
AI and data mining
What the Rise of AI Web Scrapers Means for Data Teams
Artificial Intelligence Big Data Exclusive

Stay Connected

1.2kFollowersLike
33.7kFollowersFollow
222FollowersPin

You Might also Like

big data and black hat seo
Big DataITSecurity

Big Data Makes Black Hat Hackers More Terrifying Than Ever

11 Min Read

Social Engineering — Hacking by Asking

9 Min Read

Updates on Dronegate

6 Min Read

Phone Hacking Scandal Reinforces the Value of Basic Information Security

4 Min Read

SmartData Collective is one of the largest & trusted community covering technical content about Big Data, BI, Cloud, Analytics, Artificial Intelligence, IoT & more.

ai is improving the safety of cars
From Bolts to Bots: How AI Is Fortifying the Automotive Industry
Artificial Intelligence
AI and chatbots
Chatbots and SEO: How Can Chatbots Improve Your SEO Ranking?
Artificial Intelligence Chatbots Exclusive

Quick Link

  • About
  • Contact
  • Privacy
Follow US
© 2008-25 SmartData Collective. All Rights Reserved.
Go to mobile version
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?