Posted by & filed under Cloud Computing, Privacy, Security, WI-Fi.

Description: Firesheep — a month-old Firefox plug-in that anyone can use to sidejack your free Wi-Fi session — is gaining attention in tech-security circles.

Source: USA Today

Date: Nov 10, 2010

Any time you use a free public Wi-Fi hookup — such as those you find at Starbucks and many airports — your risk of having someone sitting nearby commandeer your session is imminent. That’s because most free Wi-Fi hookups are unencrypted.

Sidejacking has been around since at least 2007. It’s considered an obscure attack vector. However, no one we know of has yet done a comprehensive study to measure how often sidejacking actually takes place.  Firesheep was unveiled on Oct. 25 by Eric Butler, a Seattle-based Web application software developer and researcher. Good guy researchers like Butler are referred to as white hats. White hats try to beat black hats — bad guy hackers — to the punch in finding fresh security flaws. White hats release their findings to start public discussions. Their goal is to prompt quick fixes and thus do their small part to improve overall security.      Click here for rest of story

Questions for discussion:

  • What is Firesheep and what are the security concerns of this product?
  • Is sidejacking a real threat or just driven by alarming media reports?
  • What is the difference between a white Hat hacker and a Black Hat hacker in regards to Firesheep?

20 Responses to “Firesheep sidejacking tool highlights risk of using free Wi-Fi”

  1. Shawn Nelson

    Firesheeping well i can honestly say i have never heard that word before. I think it is ridiculous about all the people who are stealing peoples identity. Money is obviously driving this market. The world is full of greed and people trying to get something for nothing. There needs to be better monitoring and justice brought down on those who breaks the law. If people can break into your info then we should be able to break into theirs and track them. The internet needs accountability and justice to be served. The thought does cross my mind about where this information is going and if by change some businesses are paying for this information. Money is a driving force and people are willing to do many things or whatever means possible to make money.

  2. Crystal

    White Hat hackers (good) attempt to beat black hat hackers (bad) in “finding fresh security flaws.” A white hat hacker, such as Eric Butler who developed Firesheep, job is to find areas of security that can be easily breached by black hat hackers. The good guys’ goal is to make the public known to these threats so they can start to take action to fix the problem. It is a good thing to make us aware of these issues, but now Firesheep is available for the bad hackers to use to gain our information. I don’t understand why they had to make another program available to the hackers. Clearly this was already a problem and there are other sidejacking programs. They could have just done their own study, without making Firesheep available to download, and made the public aware with their findings. People already know WiFi networks are unsecure, but I guess this program has given people the extra push to do something about this problem.

  3. Craig Hulsman

    Ive never heard of firesheeping before but the more and more i learn in the class the more i am starting to realize how easy it is for a hacker to hack into someones information and steal their identity. Facebook is such a growing social network tool that it is being debated that facebook might become the new email? so if its this easy for someone to sneak onto someone elses computer via wifi, its scary to think of the possibilities that hacker has given the right amount of information. I 100% agree that places like starbucks need to have passwords to get onto there wifi accounts to avoid someone abusing an unsecure network.

  4. Tyson Hickey

    Cool concept, hacking systems before black hat hackers get to it and exploit these opportunities. But does it really make sense to publish/publicly distribute white hacks?

    anyways im not really sure what else i can really discuss more about this topic, but in light of this article
    i think im gunna go get a cup of coffee . . . can i borrow someones laptop?

    =P

  5. Kristie Halbert

    I also have never heard of firesheeping before. Its crazy to think that while you are enjoying a coffee at places such as starbucks and other free wi-fi shops you have to be aware of such an issue. These places must be aware of such issues and I am glad someone is taking the inititive to do somthing about it. They are warning these places that this is an issue and passwords must be implimented to help lesson the issue. This is a serious problem for moat people like myself who keep all passworks logged in on their computer. Anything from banking information to email accounts. I think that other people and not just companies that offer free wi-fi but the public in general need to be aware of this firesheeping issue, so they can also take any other necessary steps to protect themselves!

  6. Tiffaney Gregus

    I’ve never heard of firesheeping either, and the concept is kind of terrifying. I don’t want to get hacked and have personal information at the mercy of someone else. I really think all public places offering Wi-Fi should definitely apply passwords to their networks. In this day and age it’s better to be safe than sorry, and when you’re dealing with potentially sensitive information, safe is the way to go. People might see it as an inconvenience at first, but I think as the term “firesheeping” is introduced more to the public, people will understand and see the benefits of encryption.

  7. Rohann K

    It’s a great concept by trying to help people against hackers, but in reality where there is computers or the internet there will always be problems with hackers. Who says that these people who are trying to help you wont eventually go to the bad side and steal your information. It is ridiculous how easy people can get personal information through the internet. Is anyone safe?

  8. Paige

    White hat hackers try to find ways that black hat hackers hack into accounts and letting the public know so as they can try and better secure their information. Whether you are using free Wi-Fi in places such as Starbucks or sitting in your home using your internet, there is always going to be ways that people are able to hack into your account. People just have to be careful about the information they put onto the internet and be aware that there are black hat hackers out there no matter how secure you think your internet is.

  9. Mahreen

    I have never heard about Firesheeping before. I think it’s definitely a cool concept and its great that there’s research being done to prevent all this. But at the same time, as convenient as the internet is, it has his negatives. I go to places like Starbuck so often and im on my laptop all the time, and its scary to know that some other person has access to your personal information i.e passwords etc. I definitely agree that public places like Starbucks etc should definitely have some sort of password to prevent this. Overall, i thought the article was pretty interesting and i personally think its a neat concept,better safe than sorry!

  10. Laura

    I had never considered the fact that because I was connected to a free wi-fi network that someone beside me could be hacking my computer and stealing sensitive information from me. I’m glad that white hat hackers have revealed this problem and moving towards solving it. Using simple passwords on these free wi-fi networks sounds like a great idea. It may annoy the users at first but once they understand it is to protect them from firesheeping, I believe many people would be happy to use a password to access the network. Protecting your information and privacy online is a major issue and the smallest things like a simple password can be used to better protect yourself.

  11. kaydree schoenroth

    Firesheep sounds like a product that should not be sold legally. A product which can help individuals steal indetities does not sound like a good idea to me at all. Sidejacking may be a driven by media reports but im sure it is a threat. Anybody can have their identity stolen, but a product like this makes the process much easier. I agree with making wifi places have passwords. Passwords would help protect people a little bit more.

  12. keke dong

    Firesheep is a Firefox extension that can steal your login information to many website such like facebook,twitter when you are using public free wi-fi.This extension allows people to view the Cookie of the way the public network to exchange information.
    When you sumbit your login information to the website, the computer server will check if the information you provide match with the exists,if it does match, the server will use cookies to store your personal information on this website. it’s really easy to lose your personal information from HTTP by sidejacking. It’s not safe while you are using free wi-fi in the public.
    when you are using free wi-fi in the public, do not access has been using the HTTP or return to the HTTP site.Because you cookies will be easily record by hackers and repeat using it. this kind of website easily to attack such as Amazon, facebook,Google etc. Remember to log out when you exit the website off.The most important is trying not use the public free wi-fi,it’s unsecurity for you privacy.

  13. keke dong

    firesheep is firefox extention which can steal your information when you are using the public free wi-fi. This extension allows people to view the Cookie of the way the public network to exchange information. while you submit your information to website such like facebook, twitter,the web server will check your information if match with the exits, it does so, the web server store your information with cookies. since you are using the unsecured internet, the information will be easily viewed by others.to proctect your privacy, first try not to access websites when you are using public website. second,Do not access has been using the HTTP or return to the HTTP site. Anyone can intercept your information when you did that way, therefore you information will be easily record and others can repeat using it. Third, Remember to log out when you want exit the website off.

  14. Nianze

    Firesheep was unveiled by Eric Butler, also referred to White hats which try to beat black hat. White hats try to the punch in finding fresh security flaws and they aim to prompt quick fixes and to improve internet security.
    However, the new flaw exposed by the white hat creates widespread hacking opportunities. At this moment, the hackers come in place to take the advantages before the fixes can be made, which is the concern with Firesheep. For instance, someone can use Firesheep to access to your information while you were online. Also, Firesheep was released a plug-in called Black sheep designed to show warning if someone is using Firesheep closeby. However, the drawback of Blacksheep is that it does nothing to warn you about other sidejacking programs that someone might be using.

  15. Jason F

    Like I have said in another comment post, my computer got hacked by someone in China. I tried to recall the websites I was on, to see where they could have accessed my account, but I cannot think of where I was. If someone from China can do this, imagine what someone sitting next to you can do. Its quite scary to think of, because im sure a lot of people have important information and documents that they do not want anyone else to see.
    I believe that making a password for users to use is a good idea, because it seems less risky to getting hacked by someone beside you. When I was in Toronto and at a starbucks, they made me pay for there password, so I am a huge fan of having free wi-fi, but not at the expense of my security.

  16. Bryce G

    This is a subject that I have never heard of before. Sidehacking is a way to gain access to your internet connection where black hats can steal your data and passwords used on the net. Guys like Butler (white hats) who expose these threats, strive to seek out and gain attention to these security threats. As more and more places and businesses have free internet, something must be done to combat these issues. Encryption is one of the ways to fix these issues with security, also a program called Blacksheep detects users that use Firesheep software. Now knowing that this issue exists I will try to use secure internet connections especially when banking and online shopping using unsecure connections. Hopefully these security issues will be resolved fully and that we will enjoy secure connections without having to worry about hackers in the future.

  17. Joana H.

    Firesheep is a newly discovered tool for sidejacking the Wi-Fi session of a user. This was discovered more or less one month ago by a white Hat hacker, which tried (as they normally do) to find this security flaw and spread the voice as soon as possible, to try to prompt people to fix it, although this sometimes can give the chance to a black Hat hacker to exactly try to use that Firesheep (or a similar tool) to break into the system. The Firesheep enables an intruder to get control of a user’s web session through a remote service by using the same credentials (password and user-name) that the user utilized. Therefore the highest probability to be attacked by such forms of hijacking is when surrounded by myriad of peoples (possible intruders) and when using an unencrypted Wi-Fi connection, especially in free Wi-Fi places like at the airport or in a mall, café, and so on. Since the majority of people are dependent on the Internet nowadays on a daily basis, and need to use it in different places but are not always equipped, the probability that they might end up using a two hours free Wi-Fi at the airport or while sipping a latte at Starbucks is not too remote. Therefore, if sidejacking works as explained (although it’s still a pretty new discovered problem), it’s probably a real problem, although maybe the probability to meet by chance an intruder, (I hope) it’s not so high. Certainly media have always a good deal of exaggeration in this kind of things.

  18. Ryan H

    I’ve never heard of Firesheeping before. It’s good that there are White hat hackers out there trying to find security threats and warn the public about them but this is now just another way that black hat hackers can gain access and information. It’s scary to think that as you are just in Starbucks or any other place really, browsing the internet, there could be someone basically watching what you’re doing on the internet and stealing your information. Although passwords can help guard against hackers, they can still find ways to get your information because it’s what they do.

  19. Jorin

    I think this is just another example of the over excited child that is business technology taking to long to keep up with risks that come with there tech advancement. I mean who decided wifi is the best solution for our private computing experience, and when they did and decided to make it part of business why wouldn’t they convey the risks associated with it to the consumers. If its like releasing a car to people without locks on it, or a seatbelt. DO SOME MORE TESTING. make it work for the consumer before you you embrace the technology fully. It makes me sick how much corporations rush technology to the general public trying to be the next big thing. If a someone can see what I am doing on my computer or get a hold of my personal information through wifi well i ma at a coffee shop, then take the wifi out of the coffee shop or state the risks of that like you put cancer sticker on a pack of cigarettes. I am tired of being the beta test for advancements in technology and putting myself at risk, and for what? so I don’t have to plug in a cord?

  20. kathy

    I really have never put much thought that my privacy could be at risk because of free Wi-Fi at the university or starbucks. A couple of my friend’s accounts have been hacked into. Truth is that a lot of information is on Facebook and people can use that for bad intentions. Firesheep according to the article is “a month-old Firefox plug-in that anyone can use to sidejack your free Wi-Fi session.” Sidejacking is not just driven by alarming media reports it is an actual threat. As it can lead to people stealing passwords; for example most people have their online banking accounts setup. This makes it easier for people’s identity to be stolen. With Sidejacking anyone can look on what you have been doing this leads to your privacy constraint. Therefore the job of white hats is too look for flaws in the security before the black hackers do. After they find those flaws they share that information to the public. This allows the public know if any of their privacy is at risk. Black hackers take advantage of the situation and try to hack into your information. I think white hackers should take of the flaw in the security before making it public.

Leave a Reply

Your email address will not be published.