How to screw with those firesheep snoops - FireShepherd

How to screw with those firesheep snoops - FireShepherd (blogs.forbes.com)

29 points by Mikecsi 15 years ago | 11 comments

raesene 15 years ago |

From what I've read of FireShepard, it's a really bad countermeasure. Basically as described it's doing a DoS attack on people using FireSheep, probably triggered by a coding error that could be fixed.

Two big problems

1) What if the DoS affects other parts of the infrastructure like the Wireless Access Point. Can't imagine hotspot owners will be too happy if people start doing this all the time.

2) False sense of security. Using FireShepard is unlikely to stop other means of getting access to the data (eg, kismet), it only stops FireSheep (for now).

cstuder 15 years ago | |

Plus it probably can be fixed easely by FireSheep with an update.

If FireShepard were to flood the network with fake personalities and their cookies instead, it might help hiding real accounts.

krosaen 15 years ago | | |

yeah, and if each fake personality lead to a rick roll or worse...

look_lookatme 15 years ago |

This a naive question, but what would prevent Google from buying one of the trusted CAs (or fast tracking their own service into most browsers) and knocking the bottom out of the cert market with a free and easy SSL solution?

It doesn't make much business sense, but it fits in with some of Google's more philanthropic initiatives for a healthier net.

cobbal 15 years ago | |

As I understand it, certificates are not the only problem. SSL requires significantly more overhead on the server as well, which is why it is commonly used just for logins.

eli 15 years ago | | |

The overhead of running your webserver itself of SSL isn't that huge a deal. But it usually means you also need to load all images and static assets off a HTTPS server, which makes things a bit more complicated than just throwing them on a cheap CDN. And, of course, using HTTPS means you skip any caching proxies that are between you and the user.

mayanklahiri 15 years ago | | |

There was a good discussion about it on stack overflow: http://stackoverflow.com/questions/548029/how-much-overhead-...

The bottom line is that with keep-alive connections, the overhead should be less of a problem, since the only expensive part is the initial RSA key generation.

chapel 15 years ago |

A better solution would be for those sites targeted by FireSheep to force encrypted connections to login.

Also a simple fix for open networks is to enable WPA encryption with a simple password and give it to everyone that wants to use the network. It works the same to the end user (just one extra step) but at the same time protects them from unwanted snooping.

On a side note, all those coffee shops that don't like people solely using their networks and monopolizing tables, this news could push people to use unsecured networks less.

die_sekte 15 years ago | |

Actually, just encrypting the login is not enough. FireSheep steals session keys, not passwords. Everything that needs to have the session key needs to be served over SSL.

chapel 15 years ago | | |

That's what I meant, but obviously didn't explain it correctly. Thanks for the correction.