[kwlug-disc] Firesheep: Open WiFi cookie stealing for the masses ...

Paul Nijjar paul_nijjar at yahoo.ca
Wed Oct 27 18:50:22 EDT 2010


On Tue, Oct 26, 2010 at 07:02:52PM -0400, Lori Paniak wrote:
> 
> Good question.  Since I'm not an expert either, I did a quick look on
> the interwebs. The conclusion is that if you know the passphrase and you
> capture the initial handshake of a WPA session, then you have access to
> the entire communication stream.  In a coffee-shop setting, I believe
> these conditions would be easy to fulfill. 

My quick looks on the interwebs are not revealing much. Give me a URL?

The Firesheep author has a blog post that outlines what doesn't work.
Enabling WPA2 is on that list:

http://codebutler.com/firesheep-a-day-later

Here is an excerpt: 

> A password-protected (WPA2) wireless network or even a wired network
> just requires that attackers perform one more step to carry out this
> attack. This might be ARP poisoning or DNS spoofing, neither of
> which are difficult to carry out. Go and download Cain & Abel and
> try it out on your network, it’s not that much harder than using
> Firesheep, and it’s been around for nearly a decade. There are other
> tools that’ve been around longer.

(I can't wait until somebody writes a Firefox extension that automates
Cain and Abel.)


I could be making some pretty bitter comments over this situation, but
I will refrain. Suffice to say that I am quite frustrated and angry
over this. 

- Paul

-- 
http://pnijjar.freeshell.org 





More information about the kwlug-disc mailing list