Firesheep susceptibility

Question

Level 1

4 points

Firesheep susceptibility

Does anyone have any info on Firesheep, the new hackers' tool? Is there any susceptibility vis-a-vis Safari?? Any protective solutions???

I appreciate any info. Thanks in advance. 🙂
--
Mick

iPhone 3GS, iOS 4

Posted on Nov 9, 2010 9:59 AM

Reply

Answer 1

celliott147

Level 6

12,600 points

Nov 9, 2010 10:04 AM in response to mickBelker

Yes, safari on iOS devices is compromised by firesheep... Your best bet is to continue using 3G data even when at a public wifi hotspot...

Reply

Answer 2

DaVBMan

Level 6

9,292 points

Nov 9, 2010 10:09 AM in response to mickBelker

Firesheep is a Firefox plug in used by hackers that will packet sniff the network they are on (hence it's use on open Wifi spots like at Starbucks). It can can easily be used (trust me, I tested it, a script kiddie can do it) to pick up and steal an authenticated session from many popular sites (social sites, shopping sites, etc), thus if you are on an open wifi network and lets say browse to Amazon to go buy something, when you log in, they can capture your session and also log in as you and thus shop under your account. If you go to lets Say Facebook, they too can then access your account. If you log off your session, their session will also die but that is you actually clicking the logoff option on the site.

There isn't much you can do about it and yes it is doing packet sniffing of the network so doesn't matter what browser you use, it is an issue with just how web traffic is and sites and sessions.

Same rules apply as they always do, when using a publicly open network, DON'T sign into anything.

Reply

Answer 3

varjak paw

Level 10

182,680 points

Nov 9, 2010 10:30 AM in response to DaVBMan

At the very least don't use any site that doesn't use full HTTPS/SSL encryption, something that most financial sites, and I believe Amazon once you go to log in, do. Best practice is to be on a secured WiFi network, though, as you say.

Regards.

Reply

Answer 4

Nov 9, 2010 11:20 AM in response to mickBelker

On the desktop, you can install a plug-in(Force TLS) for Firefox that forces websites to use SSL encryption throughout the entire session if that site supports it. Facebook normally uses SSL encryption only when you initially sign in. After that, it drops to unencrypted sessions. This is bad because facebook uses cookies to verify your identity every time you change pages on facebook and if sent over unencrypted networks, can easily be sniffed. At this moment, there are no plug-ins that I know of that support Safari on the desktop or iOS.

To be safe, don't sign in or visit websites that transmit personal information unencrypted while connected to public wi-fi sites.

Reply