INFORMATION SECURITY: Sidejacking Wi-Fi Hotspots – How a Hacker Can Access All of Your Online Accounts With a Free Program Part II: How to Recognize and Protect Yourself

Black Sheep will protect you from hackers at Wi-Fi hotspots

If you have not read Part I, please read it before continuing.

In Part I of this series I introduced you to the dangers of sidejacking/man-in-the-middle attacks using browser plugins such as Firesheep.

Part II will give you a few ways to see when someone is using Firesheep and how to protect yourself.

An easy way to determine if someone is using Firesheep is a tool called BlackSheep. BlackSheep is a simple plugin that will alert you whenever someone on the same network as you is using Firesheep. BlackSheep can be found here:

http://www.zscaler.com/blacksheep.html

From the site:

BlackSheep, also a Firefox plugin, is designed to combat Firesheep. BlackSheep does this by dropping ‘fake’ session ID information on the wire and then monitors traffic to see if it has been hijacked.

While Firesheep is largely passive, once it identifies session information for a targeted domain, it then makes a subsequent request to that same domain, using the hijacked session information in order to obtain the name of the hijacked user along with an image of the person, if available. It is this request that BlackSheep identifies in order to detect the presence of Firesheep on the network. When identified, the user will receive a warning message.

I should note that if you want to try this for yourself and see results, you’ll have to have two separate computers running Firefox as both of the apps use a lot of the same code.
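
The detection idea quoted above, sketched as an added example (this is not BlackSheep's own code): publish a decoy session value that belongs to no real account, then flag any request that reuses it from a different address. The record type, function names, cookie name, domain and addresses are constructed for illustration.

```python
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class SeenRequest:
    src_ip: str   # address the request came from on the shared network
    host: str     # Host header of the request
    cookie: str   # raw Cookie header

def make_decoy(name="session_id"):
    """Create a random session value that belongs to no real account."""
    return name, secrets.token_hex(16)

def parse_cookie(header):
    """Split a Cookie header into a {name: value} dict."""
    parts = (p.strip().split("=", 1) for p in header.split(";") if "=" in p)
    return {k: v for k, v in parts}

def find_replays(seen, decoy, own_ip, domain):
    """Return requests to `domain` that reuse the decoy from another address."""
    name, value = decoy
    return [r for r in seen
            if r.src_ip != own_ip and r.host == domain
            and parse_cookie(r.cookie).get(name) == value]

def demo():
    """Run the check over constructed traffic (documentation-range addresses)."""
    decoy = make_decoy()
    own_ip, domain = "192.0.2.10", "social.example"
    seen = [
        # our own decoy request, sent in the clear on purpose
        SeenRequest(own_ip, domain, f"lang=en; session_id={decoy[1]}"),
        # another client's ordinary request with its own session
        SeenRequest("192.0.2.23", domain, "session_id=" + secrets.token_hex(16)),
        # a different address replaying the decoy value: the hijack signal
        SeenRequest("192.0.2.77", domain, f"session_id={decoy[1]}; lang=en"),
    ]
    return find_replays(seen, decoy, own_ip, domain)

if __name__ == "__main__":
    for r in demo():
        print(f"WARNING: decoy session replayed from {r.src_ip} against {r.host}")
```

Because the decoy value is random and tied to no account, a second sender presenting it can only have lifted it off the wire, which is what makes the alert reliable.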

- The BlackSheep install is as simple as clicking the Add to Firefox button, allowing the install and restarting Firefox. It’s then installed and running.

- Once BlackSheep is running, you can adjust it to scan at different intervals and on different interfaces, and choose whether it starts with Firefox or not.

- When you’re using it, if someone on the network tries to use Firesheep, you will get a popup warning.

- Once you see this popup, you can be safe in knowing that an HTTPS proxy service (if you’ve got it installed) will help keep your stuff safe, as long as you’re visiting one of the sites that there are rules for.

- If you’re not using HTTPS Everywhere, it’s an easy enough program to use. Again, it’s a Firefox browser plugin, so you’ll have to be using Firefox.

- Head on over to the Electronic Frontier Foundation’s site at http://www.eff.org/https-everywhere.

- Click on the big blue install button.

- Click on Install now, restart Firefox and it’s ready to run.

Whenever you visit any of the sites that you would have previously been vulnerable on, HTTPS Everywhere will help keep your sessions secure. This will render Firesheep useless for gaining your information.

Again, this will only work with sites that are listed within the application, so before you visit a site and assume you’re secure, check to see if it’s listed there.

You are able to choose which rulesets you’d like to enable, but I suggest keeping them all turned on unless one is causing issues. Most of the sites that you’re likely to visit will have a rule available. The sites that have rules are:

Amazon, Dropbox, Facebook, Google Search, Mail.com, Twitter, Gentoo, Washington Post, NYTimes, bit.ly, Mozilla, Microsoft, WordPress.com, Cisco and others.

You are also able to write your own rulesets to add support for sites that aren’t listed.

Let’s take a look at creating a ruleset.

The rulesets that are used are XML files. An XML file is a way to mark up data within a file so that it can be sorted more easily and formatted within a database for use. Sort of like tagging different columns within an Excel file.

There are several things that you need to ‘tag’.

• Ruleset name
• Target
• Rule form.

The Target is the domain or domains that the ruleset should be applied to. This target can also have wildcards so that it encompasses all portions of a website, like *.google.com or *.microsoft.com or microsoft.com/*.

The rule part is actually what does the work. It will take the http portion of the domain name and force it to https. It’s simple enough and works quite well.

Here’s an example using Wikipedia:

- Open a new text file

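- Enter the information into the file (use plain straight quotes, not curly ones, or the XML will not parse)

<!-- Send two-character language sites such as en.wikipedia.org to the HTTPS mirror -->
<ruleset name="Wikipedia">
  <target host="*.wikipedia.org" />
  <rule from="^http://([^@:/][^/:@])\.wikipedia\.org/wiki/"
        to="https://secure.wikimedia.org/wikipedia/$1/wiki/"/>
</ruleset>

- Save the file as a .xml file instead of a .txt file in your Firefox profile directory.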

- That’s it.

- Restart Firefox and you’re good to go.

- A more thorough walkthrough of creating a ruleset can be found at the EFF rulesets page:

https://www.eff.org/https-everywhere/rulesets
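
To check what the Wikipedia ruleset above does and does not cover before relying on it, the following added example (not part of the original article or of the extension's code) loads the XML and applies it to a few constructed URLs. It models only the target and rule elements shown here; load_ruleset, rewrite and audit are hypothetical helper names.

```python
import re
import xml.etree.ElementTree as ET
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# The Wikipedia ruleset from the article, embedded so the script runs offline.
RULESET_XML = r"""
<ruleset name="Wikipedia">
  <target host="*.wikipedia.org" />
  <rule from="^http://([^@:/][^/:@])\.wikipedia\.org/wiki/"
        to="https://secure.wikimedia.org/wikipedia/$1/wiki/"/>
</ruleset>
"""

def load_ruleset(xml_text):
    """Parse a ruleset into (name, target hosts, compiled rules)."""
    root = ET.fromstring(xml_text)
    targets = [t.get("host") for t in root.findall("target")]
    # Rulesets use JavaScript-style $1 backreferences; Python's re wants \g<1>.
    rules = [(re.compile(r.get("from")), re.sub(r"\$(\d)", r"\\g<\1>", r.get("to")))
             for r in root.findall("rule")]
    return root.get("name"), targets, rules

def rewrite(url, targets, rules):
    """Return the HTTPS URL the ruleset produces, or None if the URL is untouched."""
    host = urlsplit(url).hostname or ""
    if not any(fnmatchcase(host, t) for t in targets):
        return None                      # host is outside the ruleset
    for pattern, to in rules:
        new_url, count = pattern.subn(to, url, count=1)
        if count:
            return new_url
    return None                          # host is covered, but no rule matched

def audit(urls, xml_text=RULESET_XML):
    """Map each URL to its rewritten form (None means it stays on plain HTTP)."""
    _, targets, rules = load_ruleset(xml_text)
    return {u: rewrite(u, targets, rules) for u in urls}

SAMPLE_URLS = [  # constructed test URLs
    "http://en.wikipedia.org/wiki/Firesheep",
    "http://en.wikipedia.org/w/index.php?title=Firesheep",
    "http://simple.wikipedia.org/wiki/HTTP_cookie",
    "http://example.com/wiki/Firesheep",
]
if __name__ == "__main__":
    for url, result in audit(SAMPLE_URLS).items():
        print(f"{url}\n    -> {result or 'NOT REWRITTEN (still HTTP)'}")
```

Only the first URL is upgraded: the /w/index.php path and the six-letter simple.wikipedia.org host fall outside the rule's pattern and stay on plain HTTP, so a matching target host alone does not mean a page is protected.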

If you’re not sure where to find your Firefox profile folder, it’s simple enough to find:

- Open Firefox, click on the Help menu. Select Troubleshooting Information.

- When the page opens, you will be presented with a decent amount of information. One piece is a link that will open the Profile Directory for you.

The way that HTTPS Everywhere works is similar to having a hosts file within your system configuration files that translates one set of internet addresses into another one. I haven’t been able to fully test this, but it should also work for a quick down and dirty answer if you’re not using Firefox.

I know this one is a pretty simple article and fairly short overall, but it’s a simple answer to a complex problem.

Was this helpful? Would you like additional information or have additional questions on this? Let me know in the comments.

—————————————————————————————

~Norm W.
Information Security Correspondent

Norm W. is an information security engineer currently employed as a CONUS civilian contractor. He has worked in the computer industry for the past 20 years and holds several security and non-security related IT certifications. Norm has worked with multiple agencies in the private and public sector as well as foreign companies and agencies to resolve information security issues.

9 thoughts on “INFORMATION SECURITY: Sidejacking Wi-Fi Hotspots – How a Hacker Can Access All of Your Online Accounts With a Free Program Part II: How to Recognize and Protect Yourself”

  1. Fantastic article as usual, Norm – I’ve installed Black Sheep right away. I’ll feel much better about using airport Wi-Fi from now on!

    ~Alex S

  2. Thanks goes to you once again Norm. Great article, I added black sheep right after your first article. And have taken some HTTPS preventative steps as well. I do wish however, that these steps would be more available on smart phones, since everything that can be done on a PC or Mac can now be done on these new phones and tablets. Hopefully it won’t be too long before these security steps can get enacted on them.

    But again, great article, it is appreciated.

  3. Eugene,
    There are ways to take steps on some of the smart phones. A jailbroken iPhone has a few items to help with security. I believe also that a few of the Android phones have some security apps available as well.

    Other than that though, till the mainstream starts catering more to the mobile market, it’s not really going to happen.

    1. I am not sure that I want to jail break my iPhone. I like that it is legal to do so now if I choose to. I am just not sure about it. However I am thinking that with the way the app world is designed that there would be a way to set up something that would be able to transfer things over to https.

      I know Opera, Mercury etc have their own separate browsers. I have been researching a few, which allude to them being more secure in the way that they won’t keep your browsing history and allow you to password enable the app itself. But nothing that states that it could defeat programs like blacksheep. I just wonder how difficult it would be to develop something like that. It seems that it would be advantages to those of whom do a lot of business on their smart phones.

  4. Oops, Firesheep instead of blacksheep. And advantageous instead of advantages.

  5. I understood. And as far as designing something, you’d have to design a web browser. I don’t know how well a third party app would interact with the current browser. Hmmm, I’ll have to download and test a few things on a few of the other browsers that are available for the iPhone.

    I can sympathize with you on the jail-breaking thing. I’ve jailbroken my old iPhones and turned them into iPod touches (still working on one to be a hand held hack system using Linux) and found some stuff on there to be interesting.

  6. What if you do not have Firefox installed on your computer? Can it still happen through, say, Google Chrome?

  7. Ross,
    The software will run on Firefox, but it doesn’t matter what browser you’re using, it’s still readable. I’ve retrieved from Firefox, Chrome, Safari, Opera, IE 6, IE 7, IE 8, IE 9 (beta), not to mention several ‘mini-browsers’ that some non-smart cell phones use (like the Motorola razor, etc).

    I’ve even extracted from ‘background’ log-ins. Overall, it’s fairly scary shit once you get down to it.

  8. Great follow up to part 1 Norm. I have passed your articles over to a few family members that enjoy surfing and sipping in public. Hopefully this will serve as a wake up call.
