How can you protect yourself from session hijacking with firesheep?

[DrZoidberg]

Hi,
I read about firesheep, a firefox plugin that allows you to log into other peoples accounts (twitter, facebook, etc). It's called session hijacking.
So now that every 12 year old is able to connect to a public wlan hotspot and log into other peoples accounts, I wonder how you can protect yourself from it.
How is it even possible? IP packets sent from one computer in a wlan network to e.g. facebook will go to the router and from there into the internet but all the other computers in the same wlan network should not even see those IP packets, do they? Is a wlan router actually sending each IP packet to ALL the computers in the network? Is it possible to prevent this?

 

[fss]

Don't use unencrypted sites/login pages. Duh?

Alternatively, only sign into networks that use WPA2 encryption.

 

[DrZoidberg]

Yes I know, but that is not always possible.
Do you know how firesheep manages to monitor the connection between my computer and some website?

 

[fss]

Yes I know, but that is not always possible.

But it is possible to avoid non-encrypted websites and non-secured wireless access points.

Do you know how firesheep manages to monitor the connection between my computer and some website?

Look up http://netsecurity.about.com/cs/hackertools/a/aa121403.htm" . In a wireless network you are sending your packets to the access point via RF. Anyone with an antenna and the proper software (like Firesheep) can intercept those packets.

 

[DrZoidberg]

Thanks,
But I still have more questions.
If I use an encrypted wireless access point, other people on the same network will also have the key. Could any of them still intercept my packets?

 

[fss]

If I use an encrypted wireless access point, other people on the same network will also have the key. Could any of them still intercept my packets?

That question was answered in the link I posted. Please do some of your own research.

 

[Pattonias]

I have a CS major friend who has been playing around with firesheep and he has been attacking firesheep users with a similar program called blacksheep. At the least, it will tell you if others on the same network are using firesheep. I don't know that it provides any protection. He used it as a starting point in a security experiment they were doing. Interesting stuff, way over my head though.

 

[trautlein]

Just when you go to Facebook, don't type just facebook.com, type https://www.facebook.com
That'll make it so you automatically use their encrypted log in. There are lots of addons for browsers out there that do this automatically for you for most sites that allow it.

 

[Crosstalk]

I'll comment on Facebook -- they really do not like you to use https (https is encrypted, http is not), in my experience.

If you just try going to https://www.facebook.com, it seems to try and redirect you back to http://www.facebook.com.

The only way I have found to get around this is by using a browser plugin. I'm sure there's one for Firefox, but for Chrome it's called "Facebook Secure Connection (Force Https SSL)".

If you're using https, however, they disable chat for you. How nice of them :)

On the original topic:

When browsing a web page using wifi, there are two likely scenarios in terms of having an encrypted connection:

1) Encrypted wifi
2) https

You are correct in saying that someone else can intercept your traffic if they have the encryption key for the network you're on -- or it's unencrypted.

However, if you're on any wireless connection other than your own, or it's not secured with at least WPA, then assume that they can intercept your packets.

Https encrypts information between the server and your computer, and, as far as I know, has not been broken yet (unlike WEP). Therefore, even if they can intercept your packets over wifi, they still can't decrypt your https traffic.

However, they can still tell what server you're accessing, unless you're using an encrypted proxy.

In other words:

Make sure the important sites you are accessing are using https when you are on insecure wifi.

If you don't want them to even know what site you're looking at, then you'll need to use an encrypted proxy. They can still find out you're using a proxy, however (and the proxy could record the sites you are accessing).

 

[re1s]

Also don't accept new certificates, ARP spoofing and sslstrip can give you the impression you are still on a https connection, however it's actually a man in the middle attack and the MITM is forwarding your information to the actual server.