sidejacking – PrivaSecTech
Wed, 13 Nov 2019 18:33:33 +0000

3 Steps to Guard Against the Wolf in Firesheep Clothing – Vancouver Sun
Fri, 29 Oct 2010 00:25:19 +0000
I was quoted in this Vancouver Sun article today, which highlights several ways you can protect yourself from sidejacking attacks.

Borrow your neighbour's identity
Thu, 28 Oct 2010 00:21:28 +0000
If you have a wireless card in your laptop or netbook, you should see if it can be put into monitor mode/promiscuous mode. If so, this means you can “sniff packets” (watch all the internet data flying by your antenna). In a coffee shop or internet cafe, or near a condo/apartment building, this can be quite a lot. With software like Wireshark you can log all of these packets and see what type of fun information you can find. This will include all of the (non-encrypted) web surfing and emails going by!
In 2007, Errata Security released the Hamster and Ferret software, which sniffs packets for pieces of data called session cookies. This process is called HTTP session hijacking, more commonly known as sidejacking. You load the Hamster proxy in your browser, and it lists all of the session cookies it was able to find. This allows you to log in to existing web sessions on websites like Gmail and Facebook, and hundreds of others, as another individual.
This week Eric Butler released Firesheep, which does the same thing; it’s just a lot prettier and a lot easier to use. It has received a lot of media attention. Just remember, sidejacking is nothing new, and with software like Wireshark you can sniff all internet traffic, not just session cookies!
While we don’t condone malicious activity, anything that can raise awareness of the benefits of encryption is a good thing. Did you realize that almost every website you go to, and every email you send, is also in plain text? Even if you’re using a wired connection rather than wireless, these packets all go across dozens of computers on the internet, like a postcard, until they get to the intended recipient. Perhaps it’s time we all start encrypting our emails and demanding that websites use encryption. It helps us maintain both privacy and security.