Shearing Firesheep

Thanks to the Firefox plug-in Firesheep, anyone today can snoop on anyone else on the same network. Worst still, Firesheep enables any user to seamlessly hijack another user's Web session. Programs are beginning to show up that will block Firesheep from looking over your shoulder. That's the good news. The bad news is that the ones I've seen are Firefox specific and they don't deal with the problem's root causes.

I've also been finding that even now many people don't really understand just how dangerous Firesheep can be in the wrong hands. Sure, a network hacker could always WireShark or another professional-level network sniffer tool to see what you were doing and harvest your user IDs and passwords, but Firesheep lets anyone do it.

Oh, and this may sound hopelessly simple to some of you, but you only need Firefox to run Firesheep. If someone is watching you with Firesheep, it doesn't matter what browser or operating system you're running or whether they're up to date with their patches. Someone with Firesheep can watch you no matter what you're using on your PC, tablet, or smartphone if your network connection isn't secure.

In addition, people seem to think that Firesheep just enables trouble-makers to just read what you're doing. Wrong. With Firesheep, your Web session can be hi-jacked, aka sidejacked. Firesheep doesn't do this by simply copying your ID or password. Those might well have been protected by Secure Socket Layer (SSL) when you first connected to a site. No, what Firesheep does is it copies your session cookies that you used on authenticated websites. So if you first connect with a site using SSL, but then start using an unprotected connection, which is common, Firesheep can use the session cookies to impersonate you on the hijacked connection.

That should worry you. Maybe you don't care if someone reads what you just had for lunch on Facebook. I know I wouldn't. But, what about if someone read your business e-mail? What if someone started sending bogus tweets to your Twitter followers? I'd care. Wouldn't you?

You can do a lot of things to block Firesheep, but most of them aren't that easy to do. The ones that are easy to do, like the Firefox HTTPS Everywhere and Force TLS browser extensions, only work if the Web sites you're connected to support Transport Layer Security (TLS) or SSL. Fortunately more sites, like Hotmail and other Microsoft services, are now offering to let you use secure Web connections.

In addition, tools are beginning to appear, like BlackSheep from ZScaler that can detect Firesheep.

BlackSheep works by creating 'fake' session ID information and then watches traffic to see if the bait has been talen. If Firesheep is active, BlackSheep will spot Firesheep trying to use the fake session information. After that, you're on your own. The smart thing to do is to get off that network. Or, you could try FireShepard, an open-source Windows program that floods the local Wi-Fi network with junk characters designed to crash Firesheep. Of course tossing junk into the local LAN might not win you friends and fans with other users or the network administrator.

Currently, BlackSheep runs on Mac OS X: 10.5 or newer on an Intel processor and Windows XP or later with Winpcap installed first. A Linux version will soon be out. The program will run on the 32-bit versions of Firefox 3.5x and 3.6x.

If you're using Chrome, Internet Explorer, or some other popular Web browser, you're still out of luck. I've yet to find an extension for any of the other Web browsers that does a decent job of detecting or blocking Firesheep.

The long-term answers, as I've said before, though is for wireless networks to stop using open or poorly secured Wi-Fi and for Web sites to start defaulting to using SSL/TLS connections for any sensitive information. Until both these things happen, your network security outside of the office will remain in your hands and programs like BlackSheep that will help protect you.