[kwlug-disc] Firesheep: Open WiFi cookie stealing for the masses ...
Paul Nijjar
paul_nijjar at yahoo.ca
Wed Oct 27 18:50:22 EDT 2010
On Tue, Oct 26, 2010 at 07:02:52PM -0400, Lori Paniak wrote:
>
> Good question. Since I'm not an expert either, I did a quick look on
> the interwebs. The conclusion is that if you know the passphrase and you
> capture the initial handshake of a WPA session, then you have access to
> the entire communication stream. In a coffee-shop setting, I believe
> these conditions would be easy to fulfill.
My quick looks on the interwebs are not revealing much. Give me a URL?
The Firesheep author has a blog post that outlines what doesn't work.
Enabling WPA2 is on that list:
http://codebutler.com/firesheep-a-day-later
Here is an excerpt:
> A password-protected (WPA2) wireless network or even a wired network
> just requires that attackers perform one more step to carry out this
> attack. This might be ARP poisoning or DNS spoofing, neither of
> which are difficult to carry out. Go and download Cain & Abel and
> try it out on your network, it’s not that much harder than using
> Firesheep, and it’s been around for nearly a decade. There are other
> tools that’ve been around longer.
(I can't wait until somebody writes a Firefox extension that automates
Cain and Abel.)
I could be making some pretty bitter comments over this situation, but
I will refrain. Suffice to say that I am quite frustrated and angry
over this.
- Paul
--
http://pnijjar.freeshell.org
More information about the kwlug-disc
mailing list