Browse Definitions:
Definition

Firesheep

Firesheep is a Firefox plug-in that automates session hijacking attacks over unsecured Wi-Fi networks. The plug-in is essentially a packet sniffer that monitors and analyzes traffic between a Wi-Fi router and end users connecting to the network. Eric Butler, a Seattle-based software developer, created Firesheep and announced its release at the ToorCon hackers’ conference in October 2010.

Firesheep is so user-friendly that anyone using an unsecured Wi-Fi connection can hijack another user’s session.  The default Firesheep database includes 26 popular Web service and social networking sites, including Amazon, Facebook, Google, Twitter, The New York Times and Wordpress. The database can also be customized to include other websites. 

 

Here's Firesheep in action, as illustrated by Eric Butler's screenshots:

1. Firesheep appears as a sidebar. The attacker just has to connect through an unsecure Wi-Fi network and click "Start Capturing."

 

2. Firesheep will monitor the network traffic and, when it detects a user connected to a website in the Firesheep database, it will grab cookies and display a list of potential targets.

 

3. When the list appears, all the attacker has to do is double-click a name to log into the website as that user.

 

Firesheep works because of lax security in the way user sessions are authenticated on many websites. When the user logs in, the server checks for the user name and password and, when they are found, responds with a cookie that is used to authenticate subsequent communications. Websites commonly encrypt the initial communication but not subsequent ones. If the website is in the Firesheep database, Firesheep uses the session cookie to allow the attacker to do anything on the website that the valid user can -- including making purchases, posting updates, chatting or sending email.

According to Butler, his reason for developing Firesheep was to draw attention to the risks of session hijacking and the importance of adequate security to prevent it:

“This is a widely known problem that has been talked about to death, yet very popular websites continue to fail at protecting their users. The only effective fix for this problem is full end-to-end encryption, known on the web as HTTPS or SSL. Facebook is constantly rolling out new "privacy" features in an endless attempt to quell the screams of unhappy users, but what's the point when someone can just take over an account entirely? Twitter forced all third party developers to use OAuth then immediately released (and promoted) a new version of their insecure website. When it comes to user privacy, SSL is the elephant in the room.”

Because unsecured Wi-Fi networks abound in coffee shops and other public places, it would be unrealistic to expect people to stop connecting through them. However, to prevent session hijacking, public Wi-Fi users should avoid logging into websites.

This was last updated in November 2010

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

Extensiones de Documento y Formatos de Documento

Accionado por:

SearchCompliance

  • PCAOB (Public Company Accounting Oversight Board)

    The Public Company Accounting Oversight Board (PCAOB) is a Congressionally-established nonprofit that assesses audits of public ...

  • cyborg anthropologist

    A cyborg anthropologist is an individual who studies the interaction between humans and technology, observing how technology can ...

  • RegTech

    RegTech, or regulatory technology, is a term used to describe technology that is used to help streamline the process of ...

SearchSecurity

  • email spam

    Email spam, or junk email, is unsolicited bulk messages sent through email with commercial, fraudulent or malicious intent.

  • distributed denial of service (DDoS) attack

    A distributed denial-of-service attack occurs when an attack originates from multiple computers or devices, usually from multiple...

  • application whitelisting

    Application whitelisting is the practice of identifying applications that have been deemed safe for execution and restricting all...

SearchHealthIT

  • national provider identifier (NPI)

    A national provider identifier (NPI) is a unique ten-digit identification number required by HIPAA for covered healthcare ...

  • athenahealth Inc.

    Based in Watertown, Mass., athenahealth Inc. is a leading vendor of cloud-based EHRs for small to medium-sized physician ...

  • Affordable Care Act (ACA or Obamacare)

    The Affordable Care Act (ACA) is legislation passed in 2010 that changed how uninsured Americans enroll in and receive healthcare...

SearchDisasterRecovery

  • disaster recovery as a service (DRaaS)

    One approach to a strong disaster recovery plan is DRaaS, where companies offload data replication and restoration ...

  • data recovery

    Data recovery restores data that has been lost, accidentally deleted, corrupted or made inaccessible. Learn how data recovery ...

  • disaster recovery plan (DRP)

    A company's disaster recovery policy is enhanced with a documented DR plan that formulates strategies, and outlines preparation ...

SearchStorage

  • GlusterFS (Gluster File System)

    GlusterFS (Gluster File System) is an open source distributed file system that can scale out in building-block fashion to store ...

  • virtual memory

    Virtual memory is a memory management capability of an OS that allows a computer to compensate for physical memory shortages by ...

  • yottabyte (YB)

    A yottabyte is a measure of theoretical storage capacity and is 2 to the 80th power bytes, or, in decimal, approximately 1,000 ...

SearchSolidStateStorage

  • PCIe SSD (PCIe solid-state drive)

    A PCIe SSD (PCIe solid-state drive) is a high-speed expansion card that attaches a computer to its peripherals.

  • SSD caching

    SSD caching, also known as flash caching, is the temporary storage of data on NAND flash memory chips in a solid-state drive so ...

  • NVDIMM (Non-Volatile Dual In-line Memory Module)

    An NVDIMM (non-volatile dual in-line memory module) is hybrid computer memory that retains data during a service outage.

SearchCloudStorage

  • RESTful API

    A RESTful application program interface breaks down a transaction to create a series of small modules, each of which addresses an...

  • cloud storage infrastructure

    Cloud storage infrastructure is the hardware and software framework that supports the computing requirements of a private or ...

  • Zadara VPSA and ZIOS

    Zadara Storage provides block, file or object storage with varying levels of compute and capacity through its ZIOS and VPSA ...

Close