FireSheep – What you need to know

On October 24, 2010 a new extension for Mozilla’s Firefox web browser was released to the public.  This Firefox extension, known as “FireSheep” has become quite the hype, in a short amount of time.  The new extension exploits a vulnerability in the way web servers pass unencrypted HTTP cookies to a web browser.  Formerly, exploiting this vulnerability took a moderate amount of technical skill to perform.  By using the FireSheep Firefox extension, however; it has been made available to the typical user.  Below you will find answers to some of the most commonly asked questions about this exploit:

How does it work?

The FireSheep Firefox extension performs a network attack known as “Session Hijacking”.  Session Hijacking is a network attack that takes advantage of the passing of unencrypted HTTP cookies from a web server to a web browser.  By performing a packet capture of unencrypted HTTP network traffic an attacker can capture a valid token session, or “Session ID”, and then use that Session ID to gain unauthorized access to an unsuspecting user’s web browser session.   An attacker who performs session hijacking is able to gain unauthorized access to another user’s browser session and use the session as if they are the authenticated user.  FireSheep is capable of transparently performing this attack for an attacker.

What makes me vulnerable?

Browsing the Internet on an unencrypted (unsecured), wireless network, or using HTTP that is unencrypted can make you vulnerable to the Session Hijacking attack.  This includes going to unsecured wireless hotspots at coffee shops, hotels, and restaurants.  FireSheep is specifically designed to work with the following websites when it is downloaded:

  • Basecamp
  • Cisco
  • CNET
  • Dropbox
  • Enom
  • Evernote
  • Facebook
  • Flickr
  • Foursquare
  • GitHub
  • Google
  • Gowalla
  • Hacker News
  • Harvest
  • New York Times
  • Pivotal Tracker
  • Toorcon:San Diego
  • Slicehost Slice Manager
  • Twitter
  • Windows Live
  • WordPress
  • Yahoo
  • Yelp

Visiting the listed sites on an unencrypted, wireless network puts you at risk, however; the program has the ability for developers and attackers to add more sites of their choosing, and the list of sites is growing daily.  Bottom line, using an unencrypted, wireless network to browse your personal information and sites is NEVER a good idea.

What prevents me from being vulnerable?

Encryption.  HTTP traffic that is encrypted cannot be hijacked using this extension.  If a web URL has “https:” in front of it, that means it is an encrypted connection.  Most website login pages will be encrypted and will have “https:” in the URL.  The issue with most sites is that the website goes back to an unencrypted state once your credentials are entered.  This is where the attack takes place.  Using an encrypted (secured), wireless network is also good practice.  By using an encrypted, wireless network, the chances of this type of attack are dramatically reduced.

What is encryption?

Encryption is the process of taking information that would typically be readable by humans, and applying an algorithm to it, which causes it to be unreadable by those that do not possess the key to decrypt it.  Remember those cool cryptographs as a kid?  It’s the same general concept.

Why was this Firefox extension created?

The creator of FireSheep, Eric Butler, did not have a malicious intent when he created the extension.  The extension was created to build awareness of the Session Hijacking vulnerability.  His hope is that website owners will begin to encrypt all HTTP traffic.

The Information Technology Department at OTC is taking necessary precautions to create the safest browsing environment possible for our students, faculty, and staff.  As of today, October 29, 2010, all Blackboard traffic will be encrypted, in order to protect students who use Blackboard on our “Stunet” wireless network.  For the long term, the solution to this issue is for website owners to take responsibility and begin encrypting all of the traffic coming from their web servers.  For the short term, we as users need to take some responsibility of our own.

REMEMBER: When using unencrypted (unsecured), wireless networks, whether at OTC or elsewhere, use caution and good judgment. You never know who might be listening.

Additional Reading: