Practical Technology

for practical people.

Herding Firesheep

| 0 comments

The more I think about Firesheep, the network packet sniffer for dummies, the more I realize that end-users are never going to be able to deal with the problems that it brings to the table. Sure, there are lots of ways to handle Wi-Fi vulnerabilities from a user’s desktop. But, at the end of the day, the easier methods, such as forcing a site to set up a secure HTTP connection, won’t work with all sites and some people are too dumb to use any protection even after they’ve been told that they’re letting anyone look over their virtual shoulders.

Yes, there is now a Windows program, FireShepherd that knocks out near-by Firesheep users with a brute-force attack of junk packets. But, as the author of FireShepherd wrote, “the user is still in danger of all other session hijacking mechanisms” and “this is only a temporary solution to the Firesheep problem.” Exactly. I also wonder what transmitting a bunch of junk every 400-milliseconds or so is going to do to both your, and the network’s, overall throughput-nothing good I’m sure.

So, bottom line, the real solution to Firesheep, is going to have come from the Web sites and their owners. Firesheep’s author, Eric Butler, point that “The only effective fix for this problem [open, unencrypted Wi-Fi] is full end-to-end encryption, known on the web as HTTPS or SSL” is correct. There really isn’t any other answer.

More >

Leave a Reply