Slashdot: News for Nerds

Firesheep Countermeasure Tool BlackSheep

CmdrTaco posted more than 3 years ago | from the baa-ram-yew dept.


Orome1 writes "Slashdot already covered Firesheep, the Firefox extension that makes it easier to steal logins and take over social media and email accounts after users log in from a WiFi hotspot or even their own unprotected network. Zscaler researchers have created, and are now offering to every consumer, a free Firefox plugin called BlackSheep, which serves as a counter-measure. BlackSheep combats Firesheep by monitoring traffic and then alerting users if Firesheep is being used on the network. BlackSheep does this by dropping 'fake' session ID information on the wire and then monitoring traffic to see if it has been hijacked."


122 comments

or just use proper security (4, Insightful)

datapharmer (1099455) | more than 3 years ago | (#34160738)

Or you could just force tls/ssl on sites that support it and render firesheep useless. Because you know, being alerted that your information just got stolen is much better than using proper security in the first place.... or not.

Re:or just use proper security (5, Informative)

iammani (1392285) | more than 3 years ago | (#34160798)

Exactly, this is what EFF's Firefox Addon does [eff.org]

Re:or just use proper security (1)

Jugalator (259273) | more than 3 years ago | (#34160820)

Much, much better solution than this "Blacksheep" tool if you ask me. Blacksheep simply isn't doing this right.

Re:or just use proper security (2, Informative)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#34161016)

Tools for detecting malicious actors certainly have their place(even if you are cryptographically protected from them, it's always nice to know what sort of neighborhood you are currently in); but the idea of playing cat-and-mouse when you could be playing cat and enciphered-such-that-it-will-be-inedible-long-after-the-sun-has-devoured-the-inner-planets-mouse is seriously head -> desk...

Re:or just use proper security (1)

RaymondKurzweil (1506023) | more than 3 years ago | (#34162450)

Firesheep users are generally not malicious actors... just pranksters. Ironically, a real malicious actor would just use Firesheep to just grab sessions and then use SSL as described to actually use them, which would be beyond what BlackSheep could deal with. I wonder if that is already doable with the install of the EFF extension and Firesheep and no other modification.

Re:or just use proper security (2, Interesting)

datapharmer (1099455) | more than 3 years ago | (#34160892)

well kind of... that plugin fails in that it requires you to add in each domain you want to use ssl for. I would recommend force-tls [mozilla.org] for firefox and KB SSL enforcer for chrome [google.com] (the second is not completely secure due to chrome's design, but hoping that will be fixed soon).

Re:or just use proper security (3, Informative)

iammani (1392285) | more than 3 years ago | (#34160958)

Mmm neat, but force-tls is not helpful for wikipedia (and other similar sites), that need mapping from en.wikipedia.org/wiki/Google to secure.wikimedia.org/wikipedia/en/wiki/Google

Re:or just use proper security (1)

hitmark (640295) | more than 3 years ago | (#34160966)

Force-tls seems to depend on the page telling the browser to use tls, not sure how different that is from a frontpage that redirects to https. The EFF extension however alters any attempt to access one of the domains it is set up with to https, and does so based on user, rather than page, settings.

Re:or just use proper security (3, Informative)

iammani (1392285) | more than 3 years ago | (#34161040)

Spot-on, Force-tls actually prevents DNS spoofing attacks and nothing more. Say you try to visit http://www.bankofamerica.com/ [bankofamerica.com] from Starbucks, someone might spoof the DNS and redirect you to their own page rather than https://www.bankofamerica.com/ [bankofamerica.com]. Force-tls prevents this by not requesting the http page and directly requesting the secure page (it knows which pages it has to request using https by remembering the last time you visited the site (to be more specific, whether the site had sent an X-Force-TLS header when you had visited it before)).
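The remember-and-upgrade behaviour described in this comment (and the HSTS mechanism mentioned further down the thread) is simple enough to show in full. The following is an added example written for this page, not code from Force-tls, HTTPS Everywhere or any browser. It keeps a per-host "TLS only" policy learned from a Strict-Transport-Security header, the header name standardised in RFC 6797, and rewrites later http:// URLs to https:// before any request is sent. The host names, headers and clock values are constructed for illustration.

```python
"""
HSTS-style policy cache: remember hosts that asked for TLS-only access and
upgrade later http:// URLs to https:// before anything leaves the machine.
Added example for this thread; the sample headers and URLs are constructed.
"""
import re
import time
from urllib.parse import urlsplit, urlunsplit

# One directive of the header: name, optionally "=" and a (maybe quoted) value.
_DIRECTIVE = re.compile(r'\s*([A-Za-z-]+)\s*(?:=\s*"?([^";,]*)"?)?\s*')


def parse_hsts(header):
    """Return (max_age, include_subdomains) from a Strict-Transport-Security
    value, or None if the header is missing or carries no usable max-age."""
    if header is None:
        return None
    max_age, include_sub = None, False
    for part in header.split(";"):
        m = _DIRECTIVE.fullmatch(part)
        if not m:
            continue
        name, value = m.group(1).lower(), m.group(2)
        if name == "max-age" and value is not None and value.isdigit():
            max_age = int(value)
        elif name == "includesubdomains":
            include_sub = True
    return None if max_age is None else (max_age, include_sub)


class TlsPolicyCache:
    """host -> (expiry timestamp, include_subdomains)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._hosts = {}

    def observe_response(self, url, headers):
        """Record a policy only when the response itself came over https.
        Someone on an open network could inject the header into a plaintext
        response, so a policy seen over http is ignored (as RFC 6797 requires).
        Returns True if the cache changed."""
        parts = urlsplit(url)
        if parts.scheme != "https" or parts.hostname is None:
            return False
        parsed = parse_hsts(headers.get("Strict-Transport-Security"))
        if parsed is None:
            return False
        max_age, include_sub = parsed
        host = parts.hostname.lower()
        if max_age == 0:            # max-age=0 means "forget this host"
            self._hosts.pop(host, None)
            return True
        self._hosts[host] = (self._clock() + max_age, include_sub)
        return True

    def is_known_host(self, host):
        """True if host, or a parent with includeSubDomains, has a live policy."""
        labels = host.lower().split(".")
        now = self._clock()
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            entry = self._hosts.get(candidate)
            if entry is None:
                continue
            expiry, include_sub = entry
            if expiry <= now:           # expired policy: drop it
                del self._hosts[candidate]
                continue
            if i == 0 or include_sub:
                return True
        return False

    def rewrite(self, url):
        """Return the URL to actually fetch: https:// for known hosts, so no
        plaintext request (and no cookie) ever goes out first."""
        parts = urlsplit(url)
        if parts.scheme != "http" or parts.hostname is None:
            return url
        if not self.is_known_host(parts.hostname):
            return url
        netloc = parts.netloc[:-3] if parts.netloc.endswith(":80") else parts.netloc
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))
```

The check that matters for the coffee-shop case is the one in `observe_response`: a policy is only trusted when it arrived over https, otherwise the same attacker who can spoof DNS could plant or clear it. The first visit to a host the cache has never seen still goes out in the clear, which is the gap the "preload" lists in browsers were later added to close.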

Re:or just use proper security (1)

Spad (470073) | more than 3 years ago | (#34160828)

on sites that support it

And therein lies the problem.

Re:or just use proper security (2, Funny)

mounthood (993037) | more than 3 years ago | (#34160848)

Because you know, being alerted that your information just got stolen is much better than using proper security in the first place.... or not.

But if we did have an Add-on which "alerted that your information just got stolen" we could call it "Wake Up Sheeple!"

Re:or just use proper security (1)

tjlaxs (1872422) | more than 3 years ago | (#34160854)

Forcing SSL on, for example, Facebook renders some features just non-working. :/ But yes, it's still better security to browse in a somewhat non-working environment.

Re:or just use proper security (1)

ObsessiveMathsFreak (773371) | more than 3 years ago | (#34160954)

Or you could just force tls/ssl on sites that support it and render firesheep useless.

Firefox users are using software which actively discourages use of ssl and other secure connections. They're unlikely to set their browsers to use secure connections by default.

Re:or just use proper security (1)

IB4Student (1885914) | more than 3 years ago | (#34161094)

Firefox 4 comes with HSTS

Re:or just use proper security (1)

jonescb (1888008) | more than 3 years ago | (#34160960)

Or just tunnel through SSH whenever you're on an unsecured network. I was with some friends last week who were using Firesheep on each other (all in good fun), but I was tunneling all my traffic and nobody was able to get my cookies.

Re:or just use proper security (1)

gad_zuki! (70830) | more than 3 years ago | (#34161070)

Some sites dont support SSL. Hotmail for instance.

Re:or just use proper security (1)

iammani (1392285) | more than 3 years ago | (#34161124)

Hotmail has had HTTPS support for a while now. All you have to do is visit https://www.hotmail.com/ [hotmail.com] and as soon as it logs on click on always https (hotmails prompts you for it).

And most websites I use support https (if not they lose the tinfoil market)

Re:or just use proper security (1)

gad_zuki! (70830) | more than 3 years ago | (#34161442)

Actually, that doesn't work. I'm able to log in but then it fails on the next page load.

The issue is that if you login without https it redirects you to a https page FOR LOGIN ONLY. Everything else is unencrypted past that point. The trick you supplied is forcing it to use https after login and that is not supported. At least on Firefox.

Re:or just use proper security (1)

iammani (1392285) | more than 3 years ago | (#34161566)

It does work for me (without using EFF's addon). Do try visiting https://account.live.com/ManageSSL [live.com] , where you can set this up. Not sure why simply visiting https://www.hotmail.com/ [hotmail.com] does not work for you.

And I do understand that what you're looking for is https even beyond logon. The one I had mentioned (in this post and the prev post) is exactly for this purpose.

Re:or just use proper security (1)

iammani (1392285) | more than 3 years ago | (#34161594)

Oopsie, I forgot to mention, you need a Live Plus account to be able to change settings at https://account.live.com/ManageSSL [live.com] . But visiting https://www.hotmail.com/ [hotmail.com] should still work for non-paying users. Here is a source if you are interested... http://lifehacker.com/5684326/hotmail-adds-always+on-secure-https-connection-option [lifehacker.com]

Re:or just use proper security (1)

gad_zuki! (70830) | more than 3 years ago | (#34162774)

Important note: Turning on HTTPS will work for Hotmail over the web, but it will cause errors if you try to access Hotmail through programs like:

        * Outlook Hotmail Connector

MS is really screwing this up. I use the Outlook connector on a different computer. So now I can have either HTTPS or the connector.

Re:or just use proper security (1)

muckracer (1204794) | more than 3 years ago | (#34161502)

> https://www.hotmail.com/ [hotmail.com]

Hmm...I get a warning thrown up by the SSLPasswdWarning FF plugin (actually on the hotmail-redirected login.live.com):

Warning!!!
The password field you have selected will transmit your information over an unencrypted and insecure connection.
The form submits to:
UNKNOWN (or handled in Javascript)

Anybody verified, that this actually gets handled via SSL (in JS or whatever)?

Re:or just use proper security (1)

Monkeedude1212 (1560403) | more than 3 years ago | (#34161410)

Speaking of which - what does Slashdot use? I don't see an HTTPS in my urls...

Couldn't someone sidejack a Slashdot Session?

Re:or just use proper security (1)

muckracer (1204794) | more than 3 years ago | (#34161606)

In recent threads about Firesheep in regards to Slashdot I had seen several times the suggestion to use:

https://slashdot.org/my/login [slashdot.org]

Yes, there is an SSL page for login. After login it then redirects to the main /. page (http).
So far so good except...I am still NOT logged in! Anybody know what the deal is with that?

Re:or just use proper security (2, Insightful)

Monkeedude1212 (1560403) | more than 3 years ago | (#34161826)

I suppose thats an equally effective countermeasure.

Since this thing attacks Firesheep (4, Funny)

Spy Handler (822350) | more than 3 years ago | (#34160740)

shouldn't it be called Firefox?

Oh wait...

Re:Since this thing attacks Firesheep (1)

Lord Lode (1290856) | more than 3 years ago | (#34160756)

More like Firewolf!

Re:Since this thing attacks Firesheep (2, Funny)

M. Baranczak (726671) | more than 3 years ago | (#34161582)

Airwolf.

Re:Since this thing attacks Firesheep (1)

karstdiver (541054) | more than 3 years ago | (#34161916)

Ralph E. Wolf vs. Sam Sheepdog

Re:Since this thing attacks Firesheep (1, Funny)

Anonymous Coward | more than 3 years ago | (#34162354)

LibreSheep!!

Re:Since this thing attacks Firesheep (2, Interesting)

qubezz (520511) | more than 3 years ago | (#34163366)

It should have been named white sheep, to prevent against black [hat/sheep] hackers.

Re:Since this thing attacks Firesheep (1)

Faatal (1907534) | more than 3 years ago | (#34161002)

It's a wolf in sheep's clothing

Re:Since this thing attacks Firesheep (1)

wowbagger (69688) | more than 3 years ago | (#34161854)

Firesheep is attacked by Icewolf, working in conjunction with Iceweasel.

Re:Since this thing attacks Firesheep (1)

Stregano (1285764) | more than 3 years ago | (#34162784)

For some odd reason, this makes me want to bust out some Pokemon Blue

Re:Since this thing attacks Firesheep (0)

Anonymous Coward | more than 3 years ago | (#34162502)

I think you meant FireScot.

Re:Since this thing attacks Firesheep (1)

CarpetShark (865376) | more than 3 years ago | (#34162614)

Great Scott! Why would you want to fire him?!

Secure login (1)

Lord Lode (1290856) | more than 3 years ago | (#34160744)

Don't most big email and social network sites use a secure login, so that it won't work for firesheep? Are there any examples of large ones that don't? Thanks.

Re:Secure login (4, Informative)

marcansoft (727665) | more than 3 years ago | (#34160782)

Secure login doesn't matter. You need secure everything, or people can just steal your session cookie. That is almost as bad as having your login stolen.

Re:Secure login (1)

Mashiki (184564) | more than 3 years ago | (#34162518)

True story on that. About 2 years ago, one of the WoW forum heads had their session cookie stolen. Much luling was enjoyed by all as they started mass-posting spam on their forums.

Re:Secure login (3, Informative)

SgtKeeling (717065) | more than 3 years ago | (#34160792)

Most email and social network sites do use a secure login, but it's not logging in that's the issue. After you've logged in securely, your session information keeps getting sent back and forth over regular http, instead of https, and there is enough information in there for firesheep to impersonate you.

Re:Secure login (4, Insightful)

SharpFang (651121) | more than 3 years ago | (#34160850)

Firesheep doesn't steal login credentials, only hijacks (insecure) session already (securely) authenticated.

You log in securely, you receive a cookie that proves you did. You present it to a webpage, the webpage allows you to access the content, because the cookie identifies and authorizes you. Then someone else obtains a copy of your cookie and their browser, upon presenting the cookie to the website, receives the same treatment as your own. Since the cookie is sent in plaintext in headers of every common unencrypted connection, obtaining it is trivial (compared to secure login)

Examples? Facebook, Myspace, Twitter, enough for you?
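To make the point of this comment concrete: the session cookie is only "sent in plaintext in headers of every common unencrypted connection" because the site issued it without the `Secure` attribute, which is what tells a browser to send a cookie over https only. The block below is an added example written for this page, not code from Firesheep or from any of the sites named in the thread. It does two things: shows what a sniffer can read out of one plaintext request, and audits a server's `Set-Cookie` headers for session cookies that lack `Secure` (and `HttpOnly`). The response headers, the raw request and the cookie values are constructed; the name heuristics in `SESSION_NAME_HINTS` are an assumption, not a standard.

```python
"""
Audit Set-Cookie headers for session cookies a browser will send over plain
http, and show what a passive sniffer extracts from one plaintext request.
Added example for this thread; all headers and cookie values are constructed.
"""

# Substrings that usually mark a session/auth cookie (assumption, not a spec).
SESSION_NAME_HINTS = ("sess", "sid", "auth", "token", "login", "_user")

# Constructed responses: the weak one is what Firesheep relies on.
WEAK_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=9f1c2e4b8a7d6c5e; Path=/; Expires=Wed, 09 Jun 2021 10:18:14 GMT"),
    ("Set-Cookie", "lang=en; Path=/"),
]
HARDENED_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=9f1c2e4b8a7d6c5e; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "lang=en; Path=/"),
]

# Constructed plaintext request as seen on an open WiFi (the Host is illustrative).
SNIFFED_REQUEST = (
    "GET /home.php HTTP/1.1\r\n"
    "Host: www.facebook.com\r\n"
    "Cookie: sessionid=9f1c2e4b8a7d6c5e; lang=en\r\n"
    "\r\n"
)


def parse_set_cookie(value):
    """Split 'name=value; Attr; Attr=val' into name, value and a lower-cased
    attribute map (value-less attributes such as Secure map to True)."""
    pieces = [p.strip() for p in value.split(";")]
    name, _, val = pieces[0].partition("=")
    attrs = {}
    for p in pieces[1:]:
        k, _, v = p.partition("=")
        if k.strip():
            attrs[k.strip().lower()] = v.strip() if v else True
    return {"name": name.strip(), "value": val.strip(), "attrs": attrs}


def looks_like_session(name):
    n = name.lower()
    return any(h in n for h in SESSION_NAME_HINTS)


def audit(headers):
    """headers: list of (name, value) pairs as received from the server.
    Returns a list of (cookie_name, problem) for session-looking cookies."""
    findings = []
    for hname, hval in headers:
        if hname.lower() != "set-cookie":
            continue
        c = parse_set_cookie(hval)
        if not looks_like_session(c["name"]):
            continue
        if "secure" not in c["attrs"]:
            findings.append((c["name"], "missing Secure: browser sends it on every http:// request"))
        if "httponly" not in c["attrs"]:
            findings.append((c["name"], "missing HttpOnly: readable by page script"))
    return findings


def cookies_visible_on_wire(raw_request):
    """What a sniffer gets from one plaintext HTTP request: the Cookie header
    as a name -> value dict. Empty if the request carries no cookies."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:
        k, _, v = line.partition(":")
        if k.strip().lower() == "cookie":
            return {
                n.strip(): val.strip()
                for n, _, val in (p.partition("=") for p in v.split(";") if p.strip())
            }
    return {}


if __name__ == "__main__":
    for name, problem in audit(WEAK_RESPONSE):
        print(f"{name}: {problem}")
    print("sniffer sees:", cookies_visible_on_wire(SNIFFED_REQUEST))
```

`Secure` is the site-side fix that makes all of the client-side extensions in this thread unnecessary for that cookie: the browser will refuse to send it on an http:// request at all, so a site that also serves its pages over https leaves nothing for a sniffer to replay. `HttpOnly` is unrelated to sniffing but costs nothing and is worth flagging in the same pass.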

Re:Secure login (3, Informative)

AdamsGuitar (1171413) | more than 3 years ago | (#34160916)

The issue with Firesheep is session hijacking, not theft of login and password information.

Re:Secure login (1)

Jonner (189691) | more than 3 years ago | (#34164182)

If you were aware of the purpose of Firesheep [codebutler.com] , you'd know that it is quite effective, since so many large sites don't require the use of HTTPS.

Re:Secure login (0)

Anonymous Coward | more than 3 years ago | (#34164300)

Just attended a conference where I made liberal use of Firesheep, for the sake of testing the waters. You wouldn't believe how many different Twitter, Facebook, and Gmail accounts I could have hijacked if I'd wanted - in one session (probably about 10 minutes), I got the cookies of 15 separate accounts. Kind of ridiculous.

So, to clarify... (4, Insightful)

Jugalator (259273) | more than 3 years ago | (#34160762)

Since this extension only *informs* and does nothing else, such as actively disrupt Firesheep's functionality, you will still be busted if doing insecure communication on the network, see this warning suddenly pop up, and are already using Twitter/Facebook/...? And in this case, you would have to "ZOMGQUIT!!!" to have any chance of being safe.

For how long can a session be hijacked anyway? If you close your browser, is the session instantly invalidated? Or only after like 5 minutes? I mean, in that case, Blacksheep could scream all it wants, and you'll still be a potential victim even if it warned you and you closed your browser (or tab).

Re:So, to clarify... (1)

dhawton (691348) | more than 3 years ago | (#34160806)

Log out. Sites that do proper coding should "terminate" the session anyway. Or at least empty the information on their end so that the session ID is no longer useful.

Re:So, to clarify... (2, Insightful)

The MAZZTer (911996) | more than 3 years ago | (#34160912)

I'm willing to bet sessions for most websites can last indefinitely, at least until you change your password. The website usually instructs the browser when to clear the session cookie (several weeks to several months, in my experience), but of course an attacker doesn't need to honor that request.

Re:So, to clarify... (0)

Anonymous Coward | more than 3 years ago | (#34160930)

I'd guess that on most websites, clicking "log out" would render the session ID no longer useful.

Re:So, to clarify... (2, Insightful)

contra_mundi (1362297) | more than 3 years ago | (#34161132)

Depends on the implementation of the website. It could be that clicking "log out" only removes the cookie from your browser -> You are logged out.

Making sure that someone else doesn't also have the cookie might be viewed as redundant, if this kind of security is not kept in mind while designing/coding the site. Perhaps it could even be removed as an optimization for a very popular service like Facebook.

Re:So, to clarify... (1)

drcheap (1897540) | more than 3 years ago | (#34163646)

Depends on the implementation of the website. It could be that clicking "log out" only removes the cookie from your browser -> You are logged out.

If that's the implementation, then said site deserves to be taken advantage of (and the developer fired).

As for the poor unsuspecting users...well, sorry.

Re:So, to clarify... (1)

drcheap (1897540) | more than 3 years ago | (#34163610)

I'm willing to bet sessions for most websites can last indefinitely, at least until you change your password.

Yes, because they have infinite system resources to keep an unlimited number of indefinite sessions around.

No, sessions have expirations, some longer than others.

Re:So, to clarify... (4, Informative)

Barefoot Monkey (1657313) | more than 3 years ago | (#34160956)

For how long can a session be hijacked anyway? If you close your browser, is the session instantly invalidated? Or only after like 5 minutes? I mean, in that case, Blacksheep could scream all it wants, and you'll still be a potential victim even if it warned you and you closed your browser (or tab).

As long as the hijacker keeps using your session the session will stay alive, even if you close your browser. But if you actually log out of the website then the hijacker gets kicked off too. So if Blacksheep tells you that someone's on your account then log out of Facebook immediately. Or, better yet, check that your email address hasn't been changed while the other guy's been on your account, then log out.

Re:So, to clarify... (1)

LincolnQ (648660) | more than 3 years ago | (#34161228)

It depends on the website. Many websites do have the behavior you describe. But some will just delete your session cookie from your browser (without deleting it from the server) which would let the attacker keep using it.

Re:So, to clarify... (1)

John Hasler (414242) | more than 3 years ago | (#34161628)

Would it be better for Blacksheep to log you out immediately? That might prevent the attacker from accomplishing anything since it would happen within milliseconds of him sending a duplicate cookie.

Re:So, to clarify... (1)

clone53421 (1310749) | more than 3 years ago | (#34163808)

That might prevent the attacker from accomplishing anything since it would happen within milliseconds of him sending a duplicate cookie.

No. Up to 5 minutes, by default. Blacksheep generates traffic with a fake session ID every 5 minutes, and it notifies you when the fake cookie is used. Your real session cookie can be stolen any time your browser talks to the Facebook server, and Blacksheep doesn’t detect that.
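The detection described in the summary and in this comment (plant a fake session ID on the wire, then watch for anyone replaying it) is a honeytoken, and the logic is small enough to show end to end. The following is an added example written for this page and is not BlackSheep's code. It plants a random decoy cookie in a request we generate ourselves and flags any later request that carries the same value from another address. The capture record format, the cookie name and the sample packets are constructed; a real deployment would feed it from a packet capture on the wireless interface.

```python
"""
Canary-cookie detector in the BlackSheep style: plant a decoy session cookie
in traffic we send, then watch the wire for anyone replaying it.
Added example for this thread; capture format and sample packets are constructed.
"""
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    """One plaintext HTTP request as a sniffer would reassemble it."""
    src_ip: str
    host: str
    cookie_header: str      # raw value of the Cookie: request header


class CanaryDetector:
    def __init__(self, my_ip, cookie_name="session_id"):
        self.my_ip = my_ip
        self.cookie_name = cookie_name
        self.decoys = set()

    def plant(self, host):
        """Mint a fresh random decoy and return the plaintext request that
        carries it to `host`. Random so a sniffer cannot tell it from a real
        value; re-run every few minutes the way BlackSheep does."""
        value = secrets.token_hex(16)
        self.decoys.add(value)
        return Request(self.my_ip, host, f"{self.cookie_name}={value}")

    @staticmethod
    def cookie_values(header):
        """Cookie header -> {name: value}."""
        out = {}
        for part in header.split(";"):
            k, _, v = part.strip().partition("=")
            if k:
                out[k] = v
        return out

    def inspect(self, req):
        """Return an alert dict if `req` replays one of our decoys from an
        address that is not ours, else None."""
        value = self.cookie_values(req.cookie_header).get(self.cookie_name)
        if value in self.decoys and req.src_ip != self.my_ip:
            return {"hijacker_ip": req.src_ip, "host": req.host, "decoy": value}
        return None

    def scan(self, capture):
        """Run inspect() over an iterable of Request records."""
        return [a for a in (self.inspect(r) for r in capture) if a]


if __name__ == "__main__":
    det = CanaryDetector("192.168.1.10")
    bait = det.plant("www.facebook.com")
    decoy = det.cookie_values(bait.cookie_header)["session_id"]
    # Constructed capture: our bait, an unrelated client, then a replay.
    capture = [
        bait,
        Request("192.168.1.23", "www.facebook.com", "session_id=abc; xs=1"),
        Request("192.168.1.77", "www.facebook.com", f"xs=1; session_id={decoy}"),
    ]
    for alert in det.scan(capture):
        print("decoy replayed by", alert["hijacker_ip"], "against", alert["host"])
```

Two limits follow directly from the design, and both are raised elsewhere in this thread. The detector only ever sees the decoy being replayed, so theft of the real cookie in the interval between plants goes unnoticed, and a hijacker who replays the stolen cookie over a different link (a 3G connection, for instance) never appears on the wire being watched at all. It is an alarm, not a lock.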

Re:So, to clarify... (2, Informative)

CrashandDie (1114135) | more than 3 years ago | (#34161632)

As far as I know, Twitter doesn't behave this way. If you log out on machine_x, only machine_x is logged out. Not the attacker.

GMail's "Destroy all other sessions" would be closer to the behaviour you're talking about.

Re:So, to clarify... (1, Insightful)

Anonymous Coward | more than 3 years ago | (#34161918)

Twitter does too. If you are sharing the same session cookie, if you logout, the cookie is no longer valid and the hacker gets kicked out.
If it's two separate sessions to the same twitter account (two different session cookies) then what you mentioned is true but that is not what happens when someone uses firesheep.

Re:So, to clarify... (2, Informative)

TheCarp (96830) | more than 3 years ago | (#34162020)

However two different "machines" (even two different browser sessions on the same machine) should get different session IDs. As such, this would be expected, since each session is independent. The session ID is, generally, just a cookie with a specific value, your browser hands this back with every request, thus associating each request to the session.

So if you logout, and that invalidates the session, then this is to be expected, since each browser/machine has its own session cookie, each one is independent.

This is not the situation for a hijacked session. The original session and the hijacker will both have the same ID. So when you log out, if that invalidates the session properly, then the hijacker is logged out too, even if other sessions are still active.

Of course, this is "in general how it works". Most sites probably follow this model and will work this way. There is nothing to say all sites will. A site could easily correlate sessions and either allow only one session at a time for a user, or any number of things that would make it behave differently.... but usually you will have different sessions in each browser.

-Steve

Re:So, to clarify... (1)

drcheap (1897540) | more than 3 years ago | (#34164712)

And a less common, but better approach is to not simply trust the session ID supplied by the client as the sole method of post-login identification.

For example, you could log the client IP address at session creation, and then re-verify with each request to detect a hijacker. Not completely foolproof (IP spoofing, man in middle, etc.), but a lot better nonetheless.
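The behaviours argued over in the last few comments (whether "log out" kills a stolen copy of the cookie, why a hijacker who keeps browsing keeps the session alive, and the IP-binding check proposed just above) all come down to what the server does with its session table. The block below is an added example for this page, not the code of any site named in the thread. It is a minimal server-side session store with the weak logout and the proper logout side by side, a "sign out everywhere" in the style of the GMail feature mentioned earlier, and optional client-address binding. The session format, TTL and client addresses are constructed.

```python
"""
Server-side session store: weak vs proper logout, sliding expiry, and
optional client-IP binding. Added example for this thread; the shape of the
session record and the sample addresses are constructed.
"""
import secrets
import time


class SessionStore:
    def __init__(self, ttl_seconds=3600, clock=time.time):
        self._sessions = {}     # sid -> {"user", "ip", "expires"}
        self._ttl = ttl_seconds
        self._clock = clock

    def login(self, user, client_ip):
        """Create a session and return the ID that goes into the cookie."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {
            "user": user,
            "ip": client_ip,
            "expires": self._clock() + self._ttl,
        }
        return sid

    def lookup(self, sid, client_ip, bind_ip=True):
        """Resolve a cookie value to a user, or None. Every successful use
        renews the expiry, which is why a hijacker who keeps browsing keeps
        the session alive after the victim has closed their browser."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        now = self._clock()
        if s["expires"] <= now:
            del self._sessions[sid]
            return None
        if bind_ip and s["ip"] != client_ip:
            return None
        s["expires"] = now + self._ttl
        return s["user"]

    def logout_client_only(self, sid):
        """The weak variant: only tells the browser to drop its cookie. The
        server still honours sid, so a stolen copy keeps working."""
        return {"Set-Cookie": "sid=; Max-Age=0"}

    def logout(self, sid):
        """Proper logout: forget the session server-side, then clear the cookie.
        Anyone else holding the same sid is thrown out with you."""
        self._sessions.pop(sid, None)
        return {"Set-Cookie": "sid=; Max-Age=0"}

    def logout_everywhere(self, user):
        """Invalidate every session for `user` (the 'sign out all other
        sessions' idea). Returns how many were dropped."""
        doomed = [k for k, v in self._sessions.items() if v["user"] == user]
        for k in doomed:
            del self._sessions[k]
        return len(doomed)


if __name__ == "__main__":
    store = SessionStore(ttl_seconds=60)
    sid = store.login("alice", "10.0.0.5")
    print("victim :", store.lookup(sid, "10.0.0.5"))
    print("thief  :", store.lookup(sid, "10.0.0.99", bind_ip=False))
    store.logout(sid)
    print("thief after logout:", store.lookup(sid, "10.0.0.99", bind_ip=False))
```

One caveat on the IP check, since it is exactly the Firesheep scenario: on a public hotspot the victim and the sniffer usually sit behind the same NAT, so the site sees the same source address for both and the check passes for the hijacker. It also logs out legitimate users whose address changes (mobile networks, some corporate proxies). It raises the bar against a hijacker replaying from elsewhere, but it is no substitute for keeping the cookie off the wire in the first place.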

So... (0)

Anonymous Coward | more than 3 years ago | (#34160776)

...what happens when you're on an unencrypted network and the FireSheep user picks the correct session ID anyway? I'd imagine choosing an encrypted network is still the better way to go.

Sheepsafe (1)

mosburger (189009) | more than 3 years ago | (#34160784)

See also: Sheepsafe. http://github.com/nicksieger/sheepsafe ... it's a simple Ruby script that automates setting up a SOCKS proxy for you on untrusted networks. I think it's only setup to work w/ OSX right now, but should be pretty simple to adapt to other unixy OSes.

New Zealanders rejoice :) so much sheep :))) (0)

Anonymous Coward | more than 3 years ago | (#34160822)

New Zealanders rejoice :) so much sheep :)))

Wrong premise (0)

Rosco P. Coltrane (209368) | more than 3 years ago | (#34160834)

People worrying about Firesheep, or any other form of password sniffing, all make one crucial wrong assumption, and it's that any aspect of their digital life is of any interest whatsoever. The truth is, unless you're someone who matters, nobody cares about your rambling on your blog, your Facebook account or your Facebook friends, what you tweet about, your nickserv password on IRC or your POP3 email password. Nobody... cares...

And if you're someone who matters (no, really, no you), someone probably made sure your digital details are pretty secure for you. As for those who are very VERY important and famous, they have nothing to worry about, as their Twitter or Facebook accounts are usually fake, with one of their staff behind the keyboard, so they look cool and digital and in touch with their constituency to get more votes at the next election.

Finally, those who might have something to hide from, say, the law, already know how to encrypt their partitions, run ssh tunnels or use TOR, and do that in a bar with a laptop using an insecure Wifi hotspot. Nobody can sniff any password from them if they stay careful.

So in short, if you're a harmless Joe Blow, you can stop worrying about securing your digital presence: it only makes you look suspect if your computer or your communications are investigated for any reason. Your place in the Who's Nobody pretty much ensures your security and anonymity on the internet.

Re:Wrong premise (1, Insightful)

Anonymous Coward | more than 3 years ago | (#34160880)

The truth is, unless you're someone who matters, nobody cares about your rambling on your blog, your Facebook account or your Facebook friends, what you tweet about, your nickserv password on IRC or your POP3 email password. Nobody... cares...

A half a million downloads of firesheep says you are wrong.

Re:Wrong premise (1)

MoeDumb (1108389) | more than 3 years ago | (#34161686)

But how many of those half a million are look-sees that wind up in the trash?

Re:Wrong premise (3, Insightful)

asdf7890 (1518587) | more than 3 years ago | (#34160940)

So in short, if you're a harmless Joe Blow, you can stop worrying about securing your digital presence: it only makes you look suspect if your computer or your communications are investigated for any reason. Your place in the Who's Nobody pretty much ensures your security and anonymity on the internet.

People thinking this, or not worrying about password sniffing in other forms, all make one crucial wrong assumption, and it's that protecting your account is often not about protecting the information you chose to publish.

Once someone has access to your account, either by password sniffing or session hijacking, they can act as you, spamming your contacts and perhaps sending them off to sites that perform drive-by malware installs by posting links as if they had come from you.

While you might be right that nobody cares specifically about one person's facebook account, there are certainly people out there who would love to pick up a large number of them for spamming purposes.

Also for people who are daft enough to use the same password for multiple sites (actually I have one password for sites I don't care about, but for anything else I have separate passwords stored in keepass) sniffing their facebook/twitter/what-ever password could be far worse than getting their social networking account hijacked: it could give an attacker access to your webmail account from which they may be able to purloin enough data to gain access to your bank account and so forth.

Re:Wrong premise (0)

Anonymous Coward | more than 3 years ago | (#34162110)

Also for people who are daft enough to use the same password for multiple sites (actually I have one password for sites I don't care about, but for anything else I have separate passwords stored in keepass) sniffing their facebook/twitter/what-ever password could be far worse than getting their social networking account hijacked: it could give an attacker access to your webmail account from which they may be able to purloin enough data to gain access to your bank account and so forth.

Well don't worry. With Facebook's new single sign-on service hacking multiple accounts really is as simple as hijacking a session!

New and Improved indeed...

Tell that to these 170 'nobodies'... (2, Interesting)

Animaether (411575) | more than 3 years ago | (#34160992)

The recent arrest of a 23-year-old California man that has allegedly hacked e-mail accounts of more than 170 women and posted sexually explicit pictures found within them to the victims' Facebook accounts, has highlighted the need to limit the amount of personal information posted on various social networks.

- http://www.net-security.org/secworld.php?id=10096 [net-security.org]

Re:Tell that to these 170 'nobodies'... (1)

canajin56 (660655) | more than 3 years ago | (#34161402)

Uploading naked pictures of yourself to an email server doesn't count as not doing anything interesting that's worth protecting ;)

Nobody? (3, Insightful)

contra_mundi (1362297) | more than 3 years ago | (#34161052)

You forget the '4chan' part of the problem. They will use this to ruin your (however unimportant you think it is) life and just for giggles.

Re:Wrong premise (3, Insightful)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#34161096)

People like you make two crucial assumptions; both wrong:

1. Attacks are laborious: As spam demonstrates, evil can be automated. Thanks to automation, the effort required is so low that the number of rationally viable targets balloons enormously. Further, because security people and mail admins are constantly working against automated evil, the value of genuine "civilian" hosts/accounts/etc. from which to disguise hostile action is higher than it would otherwise be(a single mailserver on a 1Gb line can send more p3n1s p1llz spam, and is much easier to administer, than a huge number of home computers or hijacked hotmail accounts; but costs more and is easier to block).

2. Humans are not, in a substantial number of cases, motivated purely by curiosity, voyeurism, or malice: People break into stuff merely because they can, or because they are hoping to access some of those private pictures from the blond across the coffee shop's account, or because they think that it would be hilarious to have you post "L0L shittingniggerdicks!!!!" to the facebook walls of all your friends and then leave you to explain that one to the dean.

Re:Wrong premise (1)

Observador (224372) | more than 3 years ago | (#34161204)

Slashdot needs a "+1 Retweet this comment" option...

No, seriously. It's off-topic but I really think insightful comments [like the parent comment] should be given more exposure outside of /.

Re:Wrong premise (1)

fbjon (692006) | more than 3 years ago | (#34162768)

The only problem being it's not actually an insightful comment, for the reasons given by other posts...

Re:Wrong premise (1)

Arancaytar (966377) | more than 3 years ago | (#34161302)

And if you're someone who matters (no, really, no you), someone probably made sure your digital details are pretty secure for you.

Yeah, like that Alaskan politician who used a Yahoo email account. :P

Re:Wrong premise (0)

Anonymous Coward | more than 3 years ago | (#34161682)

Nobody... cares...

The truth is quite the opposite, actually. We're not talking about being able to publish an ad on your blog, or changing your Facebook status to "screwed", but really stealing your identity.
ID theft is the first step of many criminal scenarios, and stealing your Facebook, or mail account, is one very simple thing that can open many doors, as pointed out by asdf7890.
In fact, VIPs are of no interest to thieves, because they know their ID is hard to steal (due to the security measures they use), and it would be far too risky to attempt to impersonate them (due to the fact that an investigation will very soon point out the criminal). OTOH, Mr Joe Blow, is the perfect target. Nobody cares about him, so nobody will jump and call the FBI if all his money gets transferred to an anonymous account in the Cayman Islands. By the time Mr Blow calls the police, his money will be far, far away. Or his friends, totally infected by a trojan. And so on.
Criminality is driven by a combination of factors, including how attractive the target is, how difficult it is to put your hands on it, how much risk you'd take, how weakly protected the target is, etc. Fort Knox is very attractive, but too protected. Your Facebook account is only slightly attractive, but so easy to be stolen that it will be stolen.

Master Yoda says: (4, Funny)

TheWarp (1903628) | more than 3 years ago | (#34160948)

Begun, the sheep wars have.

Re:Master Yoda says: (1)

Adult film producer (866485) | more than 3 years ago | (#34162214)

hey, I thought that was pretty funny :-) Screw the mods.

Grrrrr. (0)

Anonymous Coward | more than 3 years ago | (#34160962)

"BlackSheep" could not be installed because it is not compatible with your Firefox build type (Linux_x86-gcc3). Please contact the author of this item about the problem.

HTTPS Everywhere (1)

chebucto (992517) | more than 3 years ago | (#34160986)

This [eff.org] firefox extension from the EFF will force an HTTPS connection if possible. It works with Firefox (i.e. keeps the connection in https mode throughout the session, not just during the login).

Counter-counter measures (2, Interesting)

embolalia (1561119) | more than 3 years ago | (#34161056)

How long until Firesheep implements something that detects a Blacksheep trap, and doesn't respond to it? Will Blacksheep then implement a detection detector?

Re:Counter-counter measures (1)

Timmmm (636430) | more than 3 years ago | (#34161796)

Indeed, for instance Firesheep could just use a different internet connection (e.g. 3G). Some websites check the source IP of the cookie, but most probably don't.

You Are Doing It WRONG. (1)

Arancaytar (966377) | more than 3 years ago | (#34161114)

Let's say you have a house. You keep valuable things in it, but you don't have a front door. Anyone can just walk in.

In particular, you've regularly noticed shifty-looking people entering your house carrying a large black bag in order to steal your stuff.

Now from this, you might draw the conclusion that it is time to get a door and lock it.

Or you could set up a sophisticated system of cameras and image analyzing software that will scan everyone walking down your street and sound a loud alarm if one of them is carrying a large black bag.

For bonus points, overspecialize the system so that it only reacts to black bags, but not green ones.

Re:You Are Doing It WRONG. (0)

Anonymous Coward | more than 3 years ago | (#34161240)

Problem is, this technically isn't "your house" that the shifty people are breaking into. This is more like checking into a motel that doesn't have locks on its doors and there is no easy way to keep anyone from getting in.

The only solution in this situation is to convince management that they need to replace all of their doors with doors that have locks.

Considering the difficulty of that solution, analysis of what "has" happened to your unsecure room is the next best thing.

Re:You Are Doing It WRONG. (1)

MarkGriz (520778) | more than 3 years ago | (#34163410)

A house?!! WTF, this is slashdot, can we please get a proper car analogy?

I'd rather have (1)

Chrisq (894406) | more than 3 years ago | (#34161136)

I'd rather have this blacksheep [blacksheepbrewery.com] myself.

Counter Attack? (0)

Anonymous Coward | more than 3 years ago | (#34161322)

If it tells you the IP, any thoughts on a tool to shut down that IP? Or find out who is using it? I guess you could always go to the person who is in charge of the network and block their computer from reconnecting - but often times in a public WIFI, there isn't anyone.

Personally, I would love to knock some kid over the head after finding out he is trying to steal my account/session.

Re:Counter Attack? (0)

Anonymous Coward | more than 3 years ago | (#34163924)

If you administrate the network, you could log into the wireless router settings and blacklist their MAC address (assuming they're not spoofing). If not, Ping of Death, LOIC, and Metasploit come to mind.

(Yes, I know that Ping of Death shouldn't work. But it wouldn't hurt to try it.)

If nothing else, RST-spoofing would be pretty effective I imagine.

Should Provide For Fun Trips To Starbucks (4, Funny)

mastershake82 (948396) | more than 3 years ago | (#34161864)

Not because I care enough to use it to try to protect the 'sheep'. But I know that somebody will.

I can't wait to be at Starbucks when a socially awkward 17 year old stands up triumphantly to save the day by alerting everyone that there is a 'Firesheeper' in the building hijacking their cookies!

Re:Should Provide For Fun Trips To Starbucks (2, Funny)

halcyon1234 (834388) | more than 3 years ago | (#34164414)

The first amendment doesn't give you the right to shout "Firesheep" in a crowded Starbucks.

Anonymous Coward (0)

Anonymous Coward | more than 3 years ago | (#34162202)

Note: "BlackSheep" could not be installed because it is not compatible with your Firefox build type (Linux_x86-gcc3).

ac

Tripwire? (1)

mr100percent (57156) | more than 3 years ago | (#34162770)

That's not much of a tripwire, since your odds of activating it are sorta low.
What about FireShepherd [notendur.hi.is] which actively jams Firesheep?

Don't worry... (2, Funny)

Syberz (1170343) | more than 3 years ago | (#34162802)

No need to worry folks, the FireSheep guys will come up with SheepDog which will make sure that BlackSheep stays the hell put dagnabbit and you'll be able to spy on your friends again in no time.

NOT a viable solution (1)

MichaelKristopeit128 (1934222) | more than 3 years ago | (#34163146)

would the secret service declare an area clear if they sent a random pedestrian into an area and they were not harmed?

if someone is waiting to hijack YOUR session with firesheep, and you are not using encryption for authentication, there is NOTHING you can do to predict it.

Re:NOT a viable solution (0)

Anonymous Coward | more than 3 years ago | (#34164520)

Apart from the fact that they don’t know which cookie belongs to you until they try using it.

Re:NOT a viable solution (1)

MichaelKristopeit128 (1934222) | more than 3 years ago | (#34164672)

they don't? they can't watch their target enter an establishment and watch them log in and then use the newest cookie?

Re:NOT a viable solution (0)

Anonymous Coward | more than 3 years ago | (#34165060)

All they would need to do is make sure that BlackSheep sends a fake session cookie before they actually log into Facebook.

Go ahead and watch them log in, that was really just BlackSheep sending a fake session cookie and they know you’re listening now.
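A toy model of the decoy-cookie detection the summary attributes to BlackSheep, covering both the "Counter-counter measures" thread and the fake-cookie exchange above. This is an added example, not Zscaler's or BlackSheep's code; the addresses, host names and sniffed requests are constructed, and the tool is assumed to already see the segment's HTTP requests as (source address, host, Cookie header) tuples.

```python
import secrets

def plant_canary(site: str, planted: dict) -> str:
    """Generate a decoy session value and record the site it was sent to.

    The value is random and never tied to a real account, so no other
    host can legitimately present it; seeing it elsewhere means replay."""
    token = secrets.token_hex(16)
    planted[token] = site
    return token

def parse_cookies(raw: str) -> dict:
    """Turn a Cookie header value like 'a=1; b=2' into {'a': '1', 'b': '2'}."""
    out = {}
    for part in raw.split(";"):
        if "=" in part:
            name, value = part.strip().split("=", 1)
            out[name] = value
    return out

def detect_replays(requests, planted: dict, own_addr: str) -> list:
    """requests: iterable of (src_addr, host, cookie_header) seen on the
    segment. Returns (src_addr, host, token) for every decoy value that
    a host other than the planter presented to any site."""
    hits = []
    for src, host, raw in requests:
        for value in parse_cookies(raw).values():
            if value in planted and src != own_addr:
                hits.append((src, host, value))
    return hits

if __name__ == "__main__":
    planted = {}
    me = "10.0.0.5"                       # constructed: our own address
    decoy = plant_canary("social.example", planted)
    observed = [                          # constructed sample of sniffed requests
        (me, "social.example", f"sid={decoy}; lang=en"),   # our own decoy request
        ("10.0.0.9", "social.example", f"sid={decoy}"),    # another host replays it
        ("10.0.0.7", "mail.example", "sid=0123abcd"),      # unrelated session
    ]
    for src, host, tok in detect_replays(observed, planted, me):
        print(f"ALERT: {src} replayed our decoy cookie to {host}")
```

As Timmmm's 3G case shows, a replay sent over a different uplink never crosses this segment, so this check sees nothing; only the server binding sessions to their source can catch that one.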

'It has begun' (1)

ThatsNotPudding (1045640) | more than 3 years ago | (#34163842)

Sheep Wars