Saturday, November 6, 2010

Attack Clients on Open Wifi - Firesheep

Keeping the theme of security rolling, I wanted to put a quick post about Firesheep.

BBQ Sheep
This is a relatively new tool, but it's based on a fairly old attack method (sidejacking/session hijacking).

Why do we care about this?  Because it's a legit attack over open WiFi that will allow a user to essentially hack your logins/passwords and gain access to your "private accounts" (i.e. Facebook, Email, etc.)

All your HTTP logins belongs to me
Slashdot and many other publications have already picked up on Firesheep, and the developer has already felt the full effects of what is known as the "security shitstorm."  The security shitstorm normally ensues when an old attack (or a new attack) becomes "easy" in the wild.  People moan and groan and bitch at the developer, mostly.  How could you do this, they say.  Why are you such an ass, other developers moan.  You're just enabling the script kiddies, all the old dudes yell.  Yeah, yeah, whatever.  Software is software, get over it.

Onto the heart of the subject, Firesheep.

Firesheep was released on Monday, November 1st, and has already been downloaded something like 500,000 times.  Firesheep is an addon to Firefox.  The addon allows you to "sniff" the open wireless network you are on (at Starbucks, Safeway, the airport, whatever).  Firesheep sniffs for, put simply, logon cookies.  Other users on the same open Wifi as you that log in to, say, Facebook...well, you steal that "logon cookie" (I'm simplifying, run with me here...).  You then use that logon cookie and gain access to whatever private site that user was logged into (i.e. Facebook).  Pretty cool, eh?
Screenshot of Firesheep - Stealin Facebook Logins
Think of it this way: when you log in to Facebook and then close that tab/window/whatever...but decide 20 minutes later to go back, you don't always have to retype your user/password, do you?  No, you don't.  That information and the session authentication is stored in a little piece of shit called a cookie.  Well, if someone can copy that cookie, they can fake Facebook into thinking they are you.  Voilà - they are now in your account.
There are limitations, of course, and I think the developer does an excellent job of explaining them on his website.  The problem essentially arises from only securing the login page and information.  I won't get into the details, because they don't really matter to most of the public.  You just need to know that your shit is vulnerable.  Maybe if I get bored I'll put a list of major websites that are vulnerable, maybe not...By the way, screw you if you don't like the dude or the tool.  Like I said, software is software.
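
The weakness described above (only the login page is secured), as an added example that is not from the original post or from Firesheep: a Python check over a site's response headers that lists cookies set without the Secure flag, which a browser will also send over plain HTTP where anyone on the open network can read them. The function name and all header values are constructed for illustration.

```python
# Added example: audit the headers of an HTTPS login response for cookies
# that would still travel in the clear on later plain-HTTP requests.
from http.cookies import SimpleCookie


def audit_headers(headers):
    """headers: list of (name, value) pairs from one HTTP response.

    Returns (exposed, hsts):
      exposed - names of cookies set without the Secure attribute
      hsts    - True if the site tells browsers to use HTTPS only
    """
    exposed = []
    hsts = False
    for name, value in headers:
        lname = name.lower()
        if lname == "strict-transport-security":
            hsts = True
        elif lname == "set-cookie":
            jar = SimpleCookie()
            jar.load(value)
            for key, morsel in jar.items():
                # HttpOnly only hides the cookie from scripts; it does
                # nothing against sniffing. Secure is what matters here.
                if not morsel["secure"]:
                    exposed.append(key)
    return exposed, hsts


# Constructed sample: login form is HTTPS, the rest of the site is HTTP.
LOGIN_ONLY_HTTPS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session_id=3f9a1c; Path=/; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/"),
]

# Constructed sample: HTTPS everywhere, session cookie marked Secure.
FULL_HTTPS = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session_id=3f9a1c; Path=/; Secure; HttpOnly"),
]

if __name__ == "__main__":
    for label, hdrs in (("login-only", LOGIN_ONLY_HTTPS), ("full", FULL_HTTPS)):
        exposed, hsts = audit_headers(hdrs)
        print(f"{label}: exposed cookies={exposed} hsts={hsts}")
```
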

You may recall me mentioning how that wonderful open wifi at the airport was not-so-good after all in an earlier post about VyprVPN.  Well, here's your proof.  Seriously folks, be careful.  I didn't mention the longer methods, which of course are still valid...but now that Firesheep is out in the wild, it's gotten a lot easier.  I'll be posting again with some screenshots of Firesheep in action around town.  I'll also incorporate a how-to-beat Firesheep in the very near future.  Hint:  VPN
This isn't just Facebook or Flickr we're talking about here; a lot of your logins are potentially vulnerable to this type of attack.