
Firesheep? How do we protect ourselves from this and similar software?

I only just saw this Firesheep thing on a current affair programme here in Oz, and it leaves me wondering if the OS X firewall is enough to keep safe from such a thing when using wifi hot spots, etc?
 
6string, Firesheep only works on unencrypted wireless networks. It exploits the nature of the packets being transmitted in clear text. It is a modern-day implementation of traditional packet sniffing (which wired networks faced back in the old bus and hub architecture days); however, there is a focus on HTTP and payload inspection.

Other less technical characteristics include the nature of human stupidity and simplicity. In the old days networks were fewer in number and anyone administering a network understood to some extent how the technology worked; today everyone uses network-based technology with little to no understanding of how it works.

Did you also notice that most of the exploited users on the ACA were Mac users? It must have something to do with the fact that most Mac users are completely clueless about the nature of underlying technologies. It's not entirely their fault; Apple designed OS X to hide many of the underlying complexities to meet the simplistic nature of their target audience. This brings us full circle and back to your statement… firewalls have nothing to do with the encryption of wireless network packets.
 
I only just saw this Firesheep thing on a current affair programme here in Oz, and it leaves me wondering if the OS X firewall is enough to keep safe from such a thing when using wifi hot spots, etc?

There are only a few ways to be safe from Firesheep...

1. Don't use wireless networks that don't have a password on them.
2. If you do use a non-password protected network, connect to the net through VPN.

Other than that, not a ton you can do. Really, I think most places with free wifi should take the initiative to add a simple password to their network which would protect everyone and is the responsible thing to do. It's our job to make sure they know about it and do it.
 

vansmith

And if you must use a connection where Firesheep will work, use BlackSheep to warn you if someone is using it.
 

bobtomay

Or grab the Firefox plugin - HTTPS Everywhere - from the EFF and available here.
 
Surely WPA2 Personal with a thirteen digit/letter password would provide ample protection, apart from using HTTPS Everywhere?
 

bobtomay

You would only want to use that when you're out and about using free and open wifi networks.
 
Or grab the Firefox plugin - HTTPS Everywhere - from the EFF and available here.

But that only works if the site supports HTTPS. And unfortunately, that plugin is only for Firefox.
 
Surely WPA2 Personal with a thirteen digit/letter password would provide ample protection, apart from using HTTPS Everywhere?

It depends on your definition of "ample protection". WPA2 is OK for stopping most Firesheep users (again, the common user has very little understanding of the underlying technology the software utilizes). Some/any level of encryption is likely to stop 99.9% of users. The last 0.1% can't be stopped; they'll first crack WPA2 using something like rainbow tables and then the behaviour of Firesheep will be transparent as an unencrypted network (at that point we can debate if they'd even use Firesheep). Fortunately, the very small minority of users that understand the technology (and maths) well enough to achieve this are unlikely to be wasting their time hacking at public wireless networks.
 
OP
6string
Sorry to have started a debate guys.... I was hoping for something in layman's terms, as my understanding of anything in regards to internet setup, security, etc is 0.00!
Thank you though, for all the responses trying to help, and I do appreciate it.
 

bobtomay

No debate. And I think it's worthwhile letting folks know about things like this to become aware of what they're doing when using unsecured networks.

I know next to nothing about all the hacking side and what can be done related to being able to intercept data either.
 
Sorry to have started a debate guys.... I was hoping for something in layman's terms, as my understanding of anything in regards to internet setup, security, etc is 0.00!
Thank you though, for all the responses trying to help, and I do appreciate it.

Case in point, Firesheep exists because users don't understand technology. Firesheep will actually be a good thing if it raises users' understanding of the technology around them (although I highly doubt it).
 
OP
6string
Case in point, Firesheep exists because users don't understand technology. Firesheep will actually be a good thing if it raises users' understanding of the technology around them (although I highly doubt it).

Hmmm, not quite!
What you call a good thing is your bad Karma!

Anyway, apart from that condescending statement above, as much as TheAntiM may feel this gives credit to his/her statement, I'm as lost as I was at the first response to this thread, by ....TheAntiM :D
VPN, HTTP, and the list goes on, not to mention all the googling I did, to try to make all of it make sense to me, still no wiser.
My computer studies were at school with a Commodore 64 in typing class :)
I really do appreciate all the attempted help though!
 
OP
6string
I must add TheAntiM..... Does that stand for anti Mac?

Thanks for the help?
Thanks for joining Mac Forums for that!
 
It depends on your definition of "ample protection". WPA2 is OK for stopping most Firesheep users (again, the common user has very little understanding of the underlying technology the software utilizes). Some/any level of encryption is likely to stop 99.9% of users. The last 0.1% can't be stopped; they'll first crack WPA2 using something like rainbow tables and then the behaviour of Firesheep will be transparent as an unencrypted network (at that point we can debate if they'd even use Firesheep). Fortunately, the very small minority of users that understand the technology (and maths) well enough to achieve this are unlikely to be wasting their time hacking at public wireless networks.

You're right, just like locking your car won't stop a determined car thief.

But...

Adding any security will deter them because why spend time hacking into WPA2 when there's 50 other places with no security? The only way someone is going to be that determined is if there's something that they really, really want from behind that security since breaking it isn't trivial.
 
But that only works if the site supports HTTPS.
Well, all sensible websites do. It's the only real way to protect against session stealing and MITM attacks. Using a wired or secured wireless network helps only so long as you trust everyone else on that network.

Shame on those websites that don't. :Oops:
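
Added example, not part of the post above: one way a site owner could check the point about HTTPS and session stealing is to audit response headers for session cookies that can still travel in clear text. The function names and the sample headers are constructed for illustration.

```python
# Added example: flag cookies that could cross an open Wi-Fi network in clear
# text. Function names are hypothetical and the sample headers are constructed.

def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, set of lowercase attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
    return name, attrs

def audit_response(scheme, headers):
    """Return a list of findings for one response.

    scheme  -- "http" or "https", how the page was fetched
    headers -- list of (header-name, value) pairs
    """
    findings = []
    names = {k.lower() for k, _ in headers}
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(value)
        if scheme == "http":
            findings.append(f"{cookie}: set over plain HTTP, readable on the network")
        elif "secure" not in attrs:
            findings.append(f"{cookie}: no Secure attribute, also sent on http:// requests")
    # HSTS only counts when delivered over HTTPS; browsers ignore it on HTTP.
    if scheme == "https" and "strict-transport-security" not in names:
        findings.append("no Strict-Transport-Security header, first request may use HTTP")
    return findings

# Constructed sample responses.
SAMPLES = {
    "HTTPS login, cookie not locked to HTTPS": ("https", [
        ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ]),
    "HTTPS throughout": ("https", [
        ("Strict-Transport-Security", "max-age=31536000"),
        ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly"),
    ]),
}

def run_samples():
    return {label: audit_response(s, h) for label, (s, h) in SAMPLES.items()}

if __name__ == "__main__":
    for label, findings in run_samples().items():
        print(label, "->", findings or "ok")
```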
 

vansmith

Case in point, Firesheep exists because users don't understand technology. Firesheep will actually be a good thing if it raises users' understanding of the technology around them (although I highly doubt it).
That is terrible logic. That's like saying that because people break the law, we need to break the law to show them their ignorance. Firesheep is thus a hypocritical tool - demonstrate to people that their information is easy to get by stealing it and making the tool available. Yes, let's protect people's information by making the tool easily and readily accessible for everyone.
 
That is terrible logic. That's like saying that because people break the law, we need to break the law to show them their ignorance. Firesheep is thus a hypocritical tool - demonstrate to people that their information is easy to get by stealing it and making the tool available. Yes, let's protect people's information by making the tool easily and readily accessible for everyone.
Telling people something is nowhere near as effective as showing people something. And showing something happening to someone else is never as effective as showing it happening to them. People just don't believe in anything that's not rubbed in their face.

Trust me, the hackers already knew how to do this a long time ago.
 
I would like to point out that a website called WikiLeaks has shown that our government's networks are not secured and now the government is being dragged through the mud about stuff they thought was secure. I also believe that when this Firesheep came out and people's Facebooks were getting hacked there was a media frenzy about it and it made more people aware of what was going on.
 
That is terrible logic. That's like saying that because people break the law, we need to break the law to show them their ignorance. Firesheep is thus a hypocritical tool - demonstrate to people that their information is easy to get by stealing it and making the tool available. Yes, let's protect people's information by making the tool easily and readily accessible for everyone.


You’re right about one thing; this is all about user ignorance. But your understanding of my logic is flawed. Firesheep is good as a “thing” because it raises awareness; the simple fact that it allows anyone to do payload inspection out of a web browser indicates a deeper underlying issue. If anything, it’s about the nature of socially constructed understanding rather than a technology limitation; it just happens to use technology as a delivery method. I think the technologist sees this viewpoint.

As for you 6string, bravo, TheAntiM indeed implies Anti-Mac. Before you quickly jump to label me (as I have done with many users), you need to understand my dislike for Mac/Apple has formed over many years of working with the technology and the people! Call me a purist, but I’ve watched the technology grow from a workhorse developed with a niche target market, running on an advanced platform (POWER), to a withering GUI-orientated system. The modern-day Mac is designed to do nothing more than capture market share from a population of users that cannot see beyond the desktop. Apple spends most of their time developing UI improvements and packaging to meet this population rather than the essence of what real technology innovation is about. This is clear as day in the typical MAC (PC) vs Windows (PC) argument, which focuses on Aqua vs Desktop Window Manager (BTW for all those fanboys reading this MAC IS A PC, MAC HAS ALWAYS BEEN A PC, if you believe otherwise you’ve been brainwashed by the marketing machine that is Apple). As for the people, I don’t have to go into detail about fanboys and other forms of ignorant users, who will blindly defend the platform without understanding both the underlying technology and the competitors’ products or innovations (one cannot truly claim to understand any phenomenon in the world when viewing it from a single lens). Another side of the people element is a little more personal: as a purist and technologist, I have particular expectations of my peers, which in my experience with many so-called “mac experts” and members of the “professional service” teams has been dismal at best.

With all that aside, there are many valid use cases for Mac. I do know of many educated Apple users (however none are purely Apple users) who have a specific requirement to use a Mac.
 
