Let’s Pull the Wool Over Your Eyes

Recently a tool called “Firesheep” was released. Firesheep makes it so that virtually anyone can hijack Facebook and some other accounts when they are being used on unsecured public wireless networks. Firesheep takes advantage of the fact that Microsoft, Facebook, Twitter, Yahoo, and scores of other companies really couldn’t care less about your privacy or security. After Firesheep came Idiocy, which was probably vainly named but hasn’t seemed to catch on much. Idiocy automatically commits crimes by actively hijacking Twitter accounts and tweeting, whereas Firesheep requires the user to choose to hijack an account.

The first response to Firesheep was a tool called FireShepard, which allegedly exploits a bug in Firesheep and kills the tool when it is running on the same network. If you read the information provided by the author, he actually tells you something that you need to know: killing Firesheep does not make you safe. Firesheep only makes an attack called session hijacking very, very easy, but the attack has been around and used extensively for years. FireShepard is a pretty bad idea. It floods someone else’s network and can be used to attack innocent people. I run Firesheep on my laptop for two reasons: I like to see when some of my data is being exposed, and if I see a session I could hijack, then I endeavor to find legal means to alert the person that they are at risk, but I do not hijack their accounts. FireShepard deliberately attacks my computer, and I have a hunch it is in a legal grey area. It might be illegal.

Now I read of a tool called BlackSheep. BlackSheep is a Firefox add-on that alerts you when someone else on the same network is using Firesheep. What an utterly useless tool BlackSheep is. The problem is not that someone is using Firesheep. There are two problems, and BlackSheep does nothing to address either of them. One problem is that if you use an unsecured wireless access point, then you need to know that ALL of your data that is not being sent over https or through a VPN is wide open. It doesn’t take Firesheep; Wireshark and other tools work just fine. The other problem is that any site requiring a password should be using https for the entire session or else figure out a secure way to keep you logged in, which currently they do not do. A truly useful tool would not alert you that Firesheep is running; it would alert you that you are using an unsecured wireless access point and transferring data that is not encrypted. I don’t need Firesheep to read your Yahoo email or Hotmail if we are on the same unencrypted network.
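The second problem above shows up in a site’s own response headers: a login cookie set without the Secure flag is one the browser will also send over plain http, where an open wireless network exposes it. The script below is an added illustration, not part of this post or of any ESET tool; it uses only the Python standard library to audit constructed Set-Cookie and Strict-Transport-Security headers, and the cookie names and the name fragments it uses to recognise a login cookie are assumptions.

```python
"""Audit response headers for the weakness Firesheep relies on: a login cookie
the browser also sends over plain http, where an open wireless network exposes
it. All sample headers here are constructed, not captured from any site."""
from http.cookies import SimpleCookie

# Constructed samples: the first set is the kind of cookie a sniffer can reuse,
# the second is what a site doing https for the whole session should send.
WEAK_HEADERS = [
    "Set-Cookie: sessionid=abc123; Path=/",
    "Set-Cookie: remember_me=xyz; Path=/; HttpOnly",
]
HARDENED_HEADERS = [
    "Set-Cookie: sessionid=abc123; Path=/; Secure; HttpOnly",
    "Strict-Transport-Security: max-age=31536000; includeSubDomains",
]
# Assumed name fragments that mark a cookie as carrying login state.
SESSION_NAME_HINTS = ("sess", "sid", "auth", "token", "remember", "login")


def looks_like_session_cookie(name):
    return any(hint in name.lower() for hint in SESSION_NAME_HINTS)


def audit_headers(headers):
    """Return (cookie name, problem code) findings in header order.
    missing-secure:   the browser will send the cookie over plain http too.
    missing-httponly: a login cookie that page scripts can read.
    no-hsts:          nothing tells the browser to use https from the start.
    """
    findings = []
    hsts_seen = False
    for line in headers:
        field, _, value = line.partition(":")
        field, value = field.strip().lower(), value.strip()
        if field == "strict-transport-security":
            hsts_seen = True
            continue
        if field != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)  # parse one Set-Cookie value into morsels
        for name, morsel in jar.items():
            if not morsel["secure"]:
                findings.append((name, "missing-secure"))
            if looks_like_session_cookie(name) and not morsel["httponly"]:
                findings.append((name, "missing-httponly"))
    if not hsts_seen:
        findings.append(("*", "no-hsts"))
    return findings
```

Running `audit_headers` over the weak set reports the session cookie as exposed and the site as lacking HSTS, while the hardened set produces no findings.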

BlackSheep is called a countermeasure for Firesheep, but focusing on Firesheep is really pulling the wool over your eyes; the problem is a lack of encryption where encryption needs to be.

Randy Abrams
Director of Education
Cyber Threat Analysis Center ESET LLC

Author ESET Research, ESET

Copyright © 2014 ESET, All Rights Reserved.