[kwlug-disc] Firesheep: Open WiFi cookie stealing for the masses ...

Khalid Baheyeldin kb at 2bits.com
Wed Oct 27 19:56:16 EDT 2010

On Wed, Oct 27, 2010 at 6:50 PM, Paul Nijjar <paul_nijjar at yahoo.ca> wrote:

> On Tue, Oct 26, 2010 at 07:02:52PM -0400, Lori Paniak wrote:
> >
> > Good question.  Since I'm not an expert either, I did a quick look on
> > the interwebs. The conclusion is that if you know the passphrase and you
> > capture the initial handshake of a WPA session, then you have access to
> > the entire communication stream.  In a coffee-shop setting, I believe
> > these conditions would be easy to fulfill.
>
> My quick looks on the interwebs are not revealing much. Give me a URL?
> The Firesheep author has a blog post that outlines what doesn't work.
> Enabling WPA2 is on that list:
> http://codebutler.com/firesheep-a-day-later
> Here is an excerpt:
> > A password-protected (WPA2) wireless network or even a wired network
> > just requires that attackers perform one more step to carry out this
> > attack. This might be ARP poisoning or DNS spoofing, neither of
> > which are difficult to carry out. Go and download Cain & Abel and
> > try it out on your network, it’s not that much harder than using
> > Firesheep, and it’s been around for nearly a decade. There are other
> > tools that’ve been around longer.
>
> (I can't wait until somebody writes a Firefox extension that automates
> Cain and Abel.)
> I could be making some pretty bitter comments over this situation, but
> I will refrain. Suffice to say that I am quite frustrated and angry
> over this.

On VPNs he says:

Use a VPN/SSH Tunnel (Without known risks)
> While we mentioned that VPNs and SSH tunnels can be helpful just above
> this, we want to emphasize that it’s just pushing the problem to that VPN or
> SSH endpoint. Your traffic will then leave that server just as it would when
> it was leaving your laptop, so anyone running Firesheep or other tools could
> access your data in the same way.

True, in theory.

In practice these are wired connections at the other end, and Firesheep is
useful there. Even with a physical connection, switches do not allow one
port to see traffic to others anymore like in the old days of hubs.

> These are solutions that require at least some understanding of networking
> and risks at hand. A blind suggestion of “Use a VPN” doesn’t really solve
> the problem and may just provide a false sense of security.

The issue is your end in the case of Firesheep.

The "other end" has always been an unknown quantity, and so far, an
acceptable risk.

Until we have end to end encryption on ALL connections, there is no other

> Another problem with VPNs is that they don’t work all the time. Sometimes
> they just disconnect, and your traffic is all routed over your normal
> interface without any notice. The built in VPN clients on OSX, the iPhone,
> and iPad are particularly bad at this.

That is indeed a problem. Is this Apple specific (so far)?

Khalid M. Baheyeldin
2bits.com, Inc.
Drupal optimization, development, customization and consulting.
Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
Simplicity is the ultimate sophistication. --   Leonardo da Vinci