Protect Yourself from Firesheep Sidejacking

by Albert on January 3, 2012

What is sidejacking?

Sidejacking has become a significant issue as website hacking incidents have grown more frequent in recent years. Large numbers of websites around the world are extremely vulnerable to being hacked at any time. In response to these incidents, web developer Eric Butler and his colleague Ian Gallagher built a Firefox plug-in, known as Firesheep, to raise awareness of attacks on websites; it can initiate sidejacking with very little effort.

Numerous websites are vulnerable to session hijacking and are in dire need of a proper fix, which means exchanging information over the TLS/SSL protocol; this is widely regarded as the most acceptable antidote to sidejacking incidents. No website administrator can afford to ignore sidejacking, since hackers can easily exploit these websites, especially at public Internet hotspots.

If you want to protect your personal data and sensitive information from Firesheep sidejacking, try the options listed below:

1. Do not browse websites that revert to, or stick with, plain HTTP:

Websites that allow login over unencrypted HTTP, or that revert to HTTP after an SSL login, are the primary targets. Any system that can intercept the traffic can record and reuse the cookie that identifies the user on subsequent requests, so your authentication details, IDs and passwords included, are easily hacked. Some of the most popular websites, such as Amazon, Facebook, Flickr, Google, PayPal, Windows Live, Twitter, Yahoo and WordPress, are among the most vulnerable to sidejacking, yet they can hardly be avoided given how popular and useful they are to Internet users.

2. Avoid leaking cookies over HTTP:

Some popular websites have already taken steps to prevent sidejacking, but their efforts have not been adequate. Servers should set the Secure flag on their cookies to tell browsers to send them only over SSL. Some sites have not followed this practice, and that is what lets cookies leak over HTTP. For example, if you enter a URL without typing the https:// prefix, your browser sends all the cookies over HTTP before the site can redirect to SSL. In reality, most Internet users have no idea which websites make this kind of mistake, and no control over those cookies being transmitted across the Internet. If you want to know whether a particular site is vulnerable, you can import a script for that domain into Firesheep and easily detect its vulnerable aspects.
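To make points 1 and 2 concrete, here is an added example (not code from the original post or from Firesheep) that models the part of browser cookie handling that matters here: a cookie is attached to a request when the host matches, and a cookie carrying the Secure attribute is attached only when the scheme is https. The hostname example.test, the cookie names and the Set-Cookie headers are constructed for illustration; the attribute semantics follow RFC 6265. Running it shows that the same session cookie either does or does not travel over the first plain-HTTP request depending solely on whether the server set Secure.

```python
"""Added example: why a session cookie without the Secure flag leaks over
plain HTTP.  Sample hostnames, cookie names and headers are constructed."""

from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Cookie:
    name: str
    value: str
    domain: str
    secure: bool = False  # RFC 6265 "Secure" attribute


def parse_set_cookie(header: str, default_domain: str) -> Cookie:
    """Parse a Set-Cookie header value; Domain attribute overrides default_domain."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for p in parts[1:]:
        k, _, v = p.partition("=")
        attrs[k.strip().lower()] = v.strip()
    domain = attrs.get("domain", default_domain).lstrip(".")
    return Cookie(name.strip(), value.strip(), domain, secure="secure" in attrs)


def cookies_sent(jar: list, url: str) -> list:
    """Names of cookies a browser would attach to a request for `url`.

    Domain-match the request host, then drop Secure cookies unless the
    scheme is https.  Path and expiry matching are omitted: they do not
    change the point being shown.
    """
    parts = urlsplit(url)
    host = parts.hostname or ""
    sent = []
    for c in jar:
        if host != c.domain and not host.endswith("." + c.domain):
            continue
        if c.secure and parts.scheme != "https":
            continue  # browser withholds it on the plaintext request
        sent.append(c.name)
    return sent


def audit_set_cookie(headers: list, default_domain: str = "example.test") -> list:
    """Flag Set-Cookie headers whose cookie would travel in clear over HTTP."""
    findings = []
    for h in headers:
        c = parse_set_cookie(h, default_domain)
        if not c.secure:
            findings.append(f"{c.name}: missing Secure flag (sent over HTTP)")
    return findings


# Constructed Set-Cookie headers as a site might emit them after login.
LEAKY_LOGIN = "session=abc123; Path=/; Domain=example.test"
FIXED_LOGIN = "session=abc123; Path=/; Domain=example.test; Secure"


def demo() -> dict:
    """Typing 'example.test' with no scheme makes the browser try http://
    first; that first request is the one that carries any non-Secure cookie."""
    leaky = [parse_set_cookie(LEAKY_LOGIN, "example.test")]
    fixed = [parse_set_cookie(FIXED_LOGIN, "example.test")]
    return {
        "leaky_over_http": cookies_sent(leaky, "http://example.test/"),
        "fixed_over_http": cookies_sent(fixed, "http://example.test/"),
        "fixed_over_https": cookies_sent(fixed, "https://example.test/"),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
    print(audit_set_cookie([LEAKY_LOGIN, FIXED_LOGIN]))
```

The audit function is the check a site operator would run against their own login response headers: any session cookie reported there is exactly what a passive listener on an open hotspot would see on the user's first unencrypted request.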

3. Log off from the website when you are done:

If you are using the Internet from a public computer, log off from every website you logged in to. Logging off invalidates the cookies created during the session, including any that Firesheep may have grabbed. Some cookies, though, keep you logged in for days or even weeks, and by the time you log off your session may already have been sidejacked, with all the problems that brings. Still, there are partial solutions that reduce the risk of being sidejacked. Firesheep works by capturing web traffic on networks it can observe, such as open Wi-Fi hotspots and LANs, and unencrypted HTTP is the easiest to grab.

4. Avoid unencrypted Wi-Fi connections:

If you can encrypt everything, whether at the office, at home or on a public network, it will certainly help you avoid sidejacking. Few hotspots, however, offer WPA2-Enterprise, which reduces the risk of being hacked while accessing websites. WPA2 does encrypt the Wi-Fi link, but in its common form it starts from a shared passphrase, which is not enough to protect public hotspots except in the few places where a vendor issues unique per-user passphrases.

5. Use trustworthy hotspots:

WPA2-Enterprise lets you check the 802.1X server's certificate, which makes a hacker's job in a hotspot considerably harder. It is not realistic, though, for every Internet user to verify whether a public hotspot's access point can be trusted. It is still important to check SSL portal certificates and to heed every warning the browser shows before sending any traffic.

6. Stick to a secure LAN:

Sidejacking can also be initiated over an Ethernet LAN, or over a side network from which a hacker can intercept unencrypted traffic. Whenever you plug into a public LAN in a business center or hotel room, there will be situations where other people can intercept your traffic. It is therefore crucial for wireless and wired network operators to take steps to stop ARP spoofing, eavesdropping and inter-client communication. Unfortunately, most users have no way of knowing whether those safety measures have been taken on a given network.
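The ARP spoofing mentioned above is the condition a network operator can actually watch for on a wired or switched LAN: the gateway's IP address suddenly being answered from a second MAC address. The following is an added example (not from the original post, and not output of any real monitoring tool) of that detection logic run over a handful of constructed ARP reply records in a simple "time ip mac" form; the addresses and timestamps are made up for illustration.

```python
"""Added example: flag ARP replies in which an IP (especially the gateway)
is claimed by more than one MAC.  Sample records below are constructed."""

from collections import defaultdict

# Constructed ARP reply records: "<time> <sender-ip> <sender-mac>".
# The fourth line is the gateway IP answering from a new MAC.
SAMPLE_ARP_REPLIES = """\
10:00:01 192.168.1.1 aa:bb:cc:00:00:01
10:00:02 192.168.1.20 aa:bb:cc:00:00:20
10:00:05 192.168.1.1 aa:bb:cc:00:00:01
10:00:09 192.168.1.1 aa:bb:cc:00:00:99
10:00:10 192.168.1.21 aa:bb:cc:00:00:99
"""


def parse_arp_records(text: str) -> list:
    """Parse the constructed record format into (time, ip, mac) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, ip, mac = line.split()
        records.append((ts, ip, mac.lower()))
    return records


def detect_arp_conflicts(records: list, gateway_ip: str = None) -> list:
    """Alerts for IPs answered by more than one MAC.

    The first MAC seen for an IP is the baseline (in production this would
    come from a static ARP table or DHCP lease list rather than first-seen).
    A conflict on the gateway IP is rated HIGH because every client's
    traffic then flows through the impostor."""
    baseline = {}
    alerts = []
    for ts, ip, mac in records:
        known = baseline.setdefault(ip, mac)
        if mac != known:
            sev = "HIGH" if ip == gateway_ip else "MEDIUM"
            alerts.append(f"{sev} {ts} {ip} answered from {mac} (baseline {known})")
    return alerts


def macs_claiming_multiple_ips(records: list) -> dict:
    """Secondary indicator: MACs that answer for more than one IP."""
    ips = defaultdict(set)
    for _, ip, mac in records:
        ips[mac].add(ip)
    return {mac: sorted(v) for mac, v in ips.items() if len(v) > 1}


if __name__ == "__main__":
    recs = parse_arp_records(SAMPLE_ARP_REPLIES)
    for a in detect_arp_conflicts(recs, gateway_ip="192.168.1.1"):
        print(a)
    print(macs_claiming_multiple_ips(recs))
```

On a real network the records would come from the switch, a span port or the host's own ARP cache, and the baseline from configuration rather than from the first reply seen; the comparison logic is the same.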

7. Counter Firesheep:

Some experts have suggested that users turn Firesheep's own behaviour against it. For example, sending bursts of data packets every half second can crash Firesheep and prevent prolonged sidejacking. This can help because it discourages the hacker: the whole LAN is slowed down by the counter-attack, which prevents any productive use of the network. To make it worthwhile, you need to be on your own network.

8. Roll your own Internet connection to make it secure:

Measures that depend on the network you use to reach the Internet are incomplete. Sidejacking is an application-layer attack, and it is really addressed by network-independent solutions. Beyond that, use a secure Internet connection wherever you roam. Better still, get that secure connection from a secure hotspot: you can connect your PC or laptop through your 3G smartphone, which then acts as a secure mobile hotspot. This keeps you off insecure public hotspots and protects your personal data from other users of those networks. How secure the connection is depends entirely on the quality of the secured service deployed by your cellular network provider.

10. Use a VPN service to protect everything:

This is by far the best solution for protecting yourself from Firesheep sidejacking when you cannot be sure that certain sensitive websites use SSL properly. You can send all of your traffic through a properly configured, encrypted VPN tunnel. Make sure, however, that your preferred VPN service will not leak HTTP if the tunnel goes down for some reason. A VPN service prevents sidejacking regardless of the network you use, the websites you visit or the public hotspots you connect from. With one of the top-rated VPN services you get all of these advantages while accessing different websites, along with top-notch online security and privacy that helps keep users from being hacked on popular websites.

Best VPN services to protect yourself from Firesheep sidejacking:

Of all the available VPN providers, those listed below are the better choices.

Rank  Provider    Starting price
1     Hidemyass   $6.55/month
2     ExpressVPN  $8.32/month
3     StrongVPN   $21/3 months
4     IAPS        $8.32/month
5     VyprVPN     $14.95/month


Anon June 8, 2012 at 7:29 pm

What about item number 9?
