Saturday, November 6, 2010

Attack Clients on Open Wifi - Firesheep (Part 2)

Looks like the 15 minutes of fame for Firesheep is getting extended...

Sites you can pwn using Firesheep:
  • Facebook
  • Twitter
  • Flickr
  • Yahoo! Mail
  • Windows Live
  • Hotmail
  • Google.com (not GMail)
  • Slashdot
  • Amazon
  • Newegg
  • Home Depot
  • United Airlines
  • Office Max
  • Wordpress (when not using their optional SSL)
  • More coming soon!
Why is it so easy for mass pwnage?  A lot of sites, including most social networking sites, use HTTPS only for the login form.  After that, it's all good ol' HTTP.  Also, in general, its very difficult to have persistent HTTPS, or end-to-end encryption.  So, for this type of "session-hijack" you don't even need the user/pass of the victim.  Essentially the attacker can impersonate the victim, thus taking control of the account.
In truth, Wireshark did this ages ago via the little-known-method of copy/paste :)  Turn the clock back to the beginnings of 802.11, war-driving, wep-cracking, and this type of attack was still valid.  Why all the discussion now?  Because instead of copy/paste, you get a nice little GUI and employ the uber-powerful double-click!
What does all this mean?  Whenever an attack gets easier, it tends to become more popular.  You can bet top dollar that going forward, at Starbucks, Safeways, Hotels, or wherever there is free open wifi, there will be someone running Firesheep.  Hint:  look for the script kiddie, social outcast, or the dude laughing so hard he looks like he may shit himself.
Few words of caution if you intend on "testing" this out in your neighborhood:
  • People are already doing this, so you're behind the times (see above link)
  • Most owners of open-wifi at commercial establishments have ToS (terms of service), you are likely violating those terms of service.  However, those ToS also go both ways, informing users that there can be no expectation of privacy, or liability for the store/wifi owner, should damage occur.
  • In many countries/states/counties/cities, it is illegal to sniff networks for user information unless said users authorize the action.  Check your local laws. IANAL
To finish out this post I think I'll add a short list of additional "connections/networks/protocols" that are vulnerable to Firesheep (yeah so I interchanged words that shouldn't be interchanged, sue me)
  • POP3 Mail
  • SMTP Mail
  • IMAP Mail
  • FTP
Hint:  SSL/TLS, SSH, and VPN are your friends!  Stay tuned for Part 3 that will describe how to beat Firesheep!
Posted by stoneycase at 11:19 AM
Labels: , , ,

22 comments:

  1. AdrienNovember 6, 2010 at 1:17 PM

    Looking forward to part 3, beating Firesheep is something I have more use for than using Firesheep.

    ReplyDelete
  2. gMusicNovember 6, 2010 at 1:55 PM

    wow, didn't know that it could be so easy. Great blog, you've got a new follower!

    ReplyDelete
  3. Come At Me BroNovember 6, 2010 at 2:02 PM

    This is sweet!

    ReplyDelete
  4. T.dotNovember 6, 2010 at 2:06 PM

    very nice post man, great job

    ReplyDelete
  5. hindenburgNovember 6, 2010 at 2:07 PM

    I love the illustrative pics in ur blog. Makes me giggle.

    ReplyDelete
  6. VelkonNovember 6, 2010 at 2:22 PM

    can't wait for the next post

    ReplyDelete
  7. HitchcockNovember 6, 2010 at 3:42 PM

    yeah keep it coming!

    ReplyDelete
  8. timeline1992November 6, 2010 at 4:26 PM

    nice post bro!

    ReplyDelete
  9. Monster MadnessNovember 6, 2010 at 4:32 PM

    Great info, keeping an eye out for part 3!

    ReplyDelete
  10. SikoriNovember 6, 2010 at 4:35 PM

    nice post. Followed.

    ReplyDelete
  11. AnonymousNovember 6, 2010 at 4:46 PM

    haha those images were funny

    ReplyDelete
  12. SykefuNovember 6, 2010 at 5:06 PM

    wow, that's some great text mixed with great image. nice post, keep up the good work man !

    ReplyDelete
  13. AnonymousNovember 6, 2010 at 5:13 PM

    Interesting stuff

    ReplyDelete
  14. CAE.IINovember 6, 2010 at 7:49 PM

    Great images, and interesting content, you have a new follower here as well!

    ReplyDelete
  15. RoodNverseNovember 7, 2010 at 12:41 AM

    yup i been using it for awhile i like it lol change my friends sex to female alot....

    ReplyDelete
  16. Cpt.AwesomeNovember 7, 2010 at 1:03 AM

    This is great, I love it!

    ReplyDelete
  17. El TromboneNovember 7, 2010 at 1:20 AM

    Man, this is crazy... now if only I cared about hacking someone's facebook...

    ReplyDelete
  18. NostalgistNovember 7, 2010 at 10:08 AM

    awesome! waiting for updates..

    ReplyDelete
  19. Coupons_FtwNovember 7, 2010 at 1:34 PM

    Too bad I don't have anything to hack, or this would be really useful.

    ReplyDelete
  20. What are you doing here.November 7, 2010 at 2:07 PM

    this will come in handy..

    ReplyDelete
  21. BLUERADNovember 8, 2010 at 3:23 PM

    Nice stuff, liking the layout of your blog, suits your content well

    ReplyDelete
  22. thedudeNovember 9, 2010 at 1:38 PM

    sadly this dosnt work on my campus's wifi, damn they are smart|:

    ReplyDelete

Subscribe to: Post Comments (Atom)