Sidejacking, a technique of hijacking web sessions of other users in the network, has suddenly gained much attention on the Internet, thanks to a new Firefox extension Firesheep.
In a sidejacking session, the attacker sniffs data packets of the transactions over the network and steals cookie which the attacker can then use to impersonate the victim on the site the user is currently logged in. Even if they have encrypted login pages, unsecured HTTP sites use cookies to identify you during the entire session and this is what the attacker exploits. An attacker with certain tools can steal the cookie during transaction and use it to make the server treat the hijacker as the legitimate user. This vulnerability has existed since a long time but exploiting it was never so easy nor was it as alarming.
Firesheep, a Firefox extension released last week makes sidejacking easier than logging into your own account !!! All a user needs to do is install it in Firefox, the interface appears as a sidebar with a button labelled “Start Capturing” In the capture mode, Firesheep monitors network traffic and when another user in the network logins to sites which Firesheep knows to be insecure such as Gmail, Facebook,Twitter, the user’s name and display picture is shown in the sidebar. Double-clicking on the picture logs you into the particular site and into the account of the targeted user. In case, the targeted site is Facebook and the user is John Doe, the attacker is also logged in as John Doe which gives her/him control over the account that the legitimate user has. It is alarming to not that in the first day, more than a hundred thousands downloads. Facebook, Twitter and Gmail have come to play in all spheres of our lives, just anybody using a particular tool, gaining complete control over our accounts is a nightmarish thought!
However, not everyone of us is at risk, not from Firesheep at least. This tool is intended to work on insecure open WiFi connection which is becoming very common in cafes, airports, campuses etc. So, when connecting to WiFi that are not password protected, we should make sure that we are using HTTPS protocol rather than HTTP protocol which sidejacking tools like Firesheep exploits. TechCrunch explains in detail how to prevent Firesheep from hijacking your web session.
Note: Now that the exploit is in the open for more than a week, most Web 2.0 sites would have patched up their services already or would do it very soon. What needs to be remembered is that other than Google, most services don’t implement site-wide SSL encryption which means they are always at a greater risk sidejacking attacks.Author- Danish Ahmed