Remember FireSheep? Now stop it with FireShepherd!
29 replies, posted
[url=http://www.nytimes.com/external/gigaom/2010/10/29/29gigaom-stop-firesheep-with-fireshepherd-33115.html]Source[/url]
[url=http://www.facepunch.com/threads/1018769-Session-Hijacking-Via-Firefox-Extension]Previous ITN thread "Session Hijacking Via Firefox Extension"[/url]
[release]The recent appearance of the [url=http://codebutler.com/firesheep]Firesheep[/url] plugin for Firefox has raised concerns over the lack of security for browsing sessions conducted at public hotspots, so the [url=http://blogs.forbes.com/andygreenberg/2010/10/28/how-to-screw-with-firesheep-snoops-try-fireshepherd/]release of FireShepherd[/url] to stop the digital eavesdroppers is welcome news. Firesheep (it’s the naughty one) lets anyone using the browser plugin snoop out login credentials for commonly used web sites like Facebook and Twitter. Using this information strangers can access private accounts to do whatever they wish, as the web site being hacked thinks they are the owner of the account.
While the developer behind Firesheep claims the tool was released to demonstrate the vulnerability of private information at public Wi-Fi hotspots, it has been downloaded over 200,000 times. Unfortunately, Firesheep works because many web sites do not use the more secure HTTPS, which makes individual sessions secure even over public networks. No doubt some of those now using the tool to snoop do not have the same good intentions as the developer. [url=http://notendur.hi.is/~gas15/FireShepherd/]FireShepherd[/url] (the nice one) kills any Firesheep sessions running over unsecured hotspots. Unfortunately, FireShepherd is a Windows program, which leaves users of other systems unprotected.
There are tools besides FireShepherd that [url=http://gigaom.com/collaboration/more-secure-browsing-over-wi-fi/]our friends at WebWorkerDaily list[/url], which can be used to protect hotspot sessions from hackers, but apparently as [url=http://blogs.chron.com/techblog/archives/2010/10/the_firesheep_dont_even_look_up_1.html]one man’s recent trip to a Starbucks[/url] in New York City proved, many web surfers don’t run such tools or ignore the threat even when it’s pointed out. [url=http://technologysufficientlyadvanced.blogspot.com/2010/10/herding-firesheep-in-new-york-city.html]Gary LosHuertos used Firesheep in the Starbucks[/url] to gather login information for 20 people surfing the web, and then sent each a warning that they had been hacked. To make his point, LosHuertos sent the warnings from each patron’s own Facebook (or other network) account. He observed that some folks dropped offline after receiving the warning, but others kept on using the account as if nothing had happened.
The threat of having hotspot sessions compromised is not that far-fetched, and Firesheep makes it even more of a likelihood that at some point you might be exposed. Windows users should definitely look at FireShepherd, and those with devices on other platforms should take other steps to protect public web interaction. Many smartphone owners are accessing the web via Wi-Fi hotspots, but those devices have the best protection against hackers in their 3G or 4G connections. As tempting as using the free Wi-Fi may be, the safest way to connect to the web is using the phone’s integrated 3G/4G data connection. These connections are encrypted at the carrier level, and are risk-free as a result.[/release]
Glad they're "fixing" this...
damn, cant think of a witty first post. but put it this way ive round a use for my netbook other than tying documents
Should've named it WaterSheep.
[QUOTE=booster;25784076]Should've named it WaterSheep.[/QUOTE]
fight fire with fire
[QUOTE=-Ana;25784357]fight fire with fire[/QUOTE]
They do that with forest fires.
I'll admit I haven't heard of this FireSheep before, but couldn't you just use a Firewall?
The name is really nice.
Might stop the extension, isn't going to stop the method the extension uses.
[QUOTE=windwakr;25789558]So, it just spams packets? I can see a new version of firesheep just ignoring repeat packets to get around it.
FireSheep sniffs packets floating through the air, what would a firewall do to stop that?[/QUOTE]
I see.
Been on a trip the last few days with some friends who were using Firesheep and I tunnelled my shit through SSH like the bad ass motherfucker I am. Bitches couldn't do shit to me.
Fireshepard is for losers.
[QUOTE=PvtCupcakes;25789685]Been on a trip the last few days with some friends who were using Firesheep and I tunnelled my shit through SSH like the bad ass motherfucker I am. Bitches couldn't do shit to me.
Fireshepard is for losers.[/QUOTE]
u 2 c00l 4 th3m
u bet ur @$$
[QUOTE=PvtCupcakes;25789780]u bet ur @$$[/QUOTE]
x|X|xP\/TCuPC4|<35x|X|x FTW :v:
[QUOTE=Matthew0505;25804359]Why aren't people using secured networks?[/QUOTE]
Most are, but there's also public Wi-fi at cafes and such.
Getting this out of paranoia :tinfoil:
I use a VPN on public networks anyway.
Anyone tried this yet?
I AM FIRESHEPARD AND THIS IS MY FAVORITE ADDON ON THE INTERNET.
c
[QUOTE=Raneman;25863553]I AM FIRESHEPARD AND THIS IS MY FAVORITE ADDON ON THE INTERNET.
c[/QUOTE]
[media]http://www.youtube.com/watch?v=qSSMDobqlwo[/media]
How about gee i dunno, using [url]https://www.facebook.com/home.php?[/url] instead of [url]http://www.facebook.com/home.php?[/url]
It's just a extra S that needs to be used.
Wait, facebook redirects you to a unsecure HTTP connection if clicking any links on Facebook itself.
dammit
I immediately thought that the shepard would cost you money before I read the article.
[QUOTE=PLing;25866868]I immediately thought that the shepard would cost you money before I read the article.[/QUOTE]
sure proved you wrong hey
[url=http://technologysufficientlyadvanced.blogspot.com/2010/10/herding-firesheep-in-new-york-city.html]Here[/url]'s a really interesting article, about a guy who went ahead, tried Firesheep on a Starbucks, got access into a few accounts and send them messages about what he did and how he can avoid it... but even when they were warned, they didn't seem to care and kept using Facebook anyway... :/
Sorry, you need to Log In to post a reply to this thread.
