May 2, 2011

Tech Chop Episode 6–Sidejacking With Firesheep

I know it has been a while since I made a video for Tech Chop. I have had a lot of things going on. I finished up some certifications, and also found a new job where I will get paid more, yet deal with a hell of a lot less users. It seems like it will be my dream job!

Anyhoo, I had some spare time this weekend and decided to get to filming. This time I decided to talk about a subject I decided to do a final project on in college when I was working on my degree in Network Security. That subject was on Sidejacking. Of course it was with some tools called Ferret and Hamster. Now it’s even easier with a Firefox add-on called Firesheep.

If you don’t know what Sidejacking or Session Hijacking is, Wikipedia describes it as:

The exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer

In this video I discuss what Sidejacking is, how easy it is to use Firesheep, how to protect against Sidejacking using SSL, and finally how to detect if someone is using Firesheep on the network using Blacksheep.

Here is episode 6 of Tech Chop!


It’s important to know that Sidejacking works on any site not encrypted using SSL. That means company Exchange servers, SharePoint servers, basically anything with a web page is can be hacked using this tool.

So what do you think? Are you going to enable SSL on Facebook and Twitter? What about on important company web sites? Let us know how you protect against these types of attacks in the comments.

Twitter Delicious Facebook Digg Stumbleupon Favorites More

Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | stopping spam