1 minute read

If you have a wireless card in your laptop or netbook, you should see if it can be put into monitor mode/promiscuous mode. If so, this means you can “sniff packets” (watch all the internet data flying by your antenna). In a coffee shop or internet cafe, or near a condo/apartment building, this can be quite a lot. With software like wireshark you can log all of these packets and see what type of fun information you can find. This will include all of (non-encrypted) web surfing, and emails going by!
In 2007, Errata Security released Hamster and Ferret software which packet sniffs certain packets of data called session cookies. This process is called HTTP session hijacking which is more commonly called sidejacking. You load the Hamster proxy in your browser, and it will list all of the session cookies it was able to find. This allows you to login to existing web sessions on websites like gmail and Facebook, and hundreds of others as another individual.
This week Eric Butler released Firesheep which does the same thing, it’s just a lot prettier and a lot easier to use. It has got a lot of media attention. Just remember, sidejacking is nothing new, and with software like wireshark you can sniff all internet traffic, not limiting it to just session cookies!
While we don’t condone malicious activity, anything that can raise awareness to the benefits of encryption is a good thing. Did you realize that almost every website you go to, and every email you send is also in plain text? Even if you’re not using wireless, but a wired connection, these packets all go across dozens of computers on the internet like a postcard until they get to the intended recipient? Perhaps it’s time we all start encrypting our emails and demanding websites use encryption. It helps us maintain both privacy and security.