Wednesday, November 9, 2011

Security Risks in Public Hot Spots

"Whenever you open a laptop or tap a mobile device in an area with a lot of people also using such equipment, you’ll invariably see a network named “Free Public Wi-Fi” or some variant. Such
networks are often the result of a quirk in Windows XP,[3] which can be innocent (but annoying), but the networks can also be spawned by identity thieves looking to grab personal information from the unwary.
The urge to connect to “free” Wi-Fi is strong, but these networks are really computer-to-computer connections masquerading as an available network.

This creates a direct connection to another person’s computer, which presents a host of potential security issues. A user connecting to such a network could expose his researcher to demonstrate weaknesses in social-networking and commerce sites, can steal someone’s identity from the same network with a single click,[5] whereas this degree of exposure was previously minimal due to the technical complexity of performing the procedure. Firesheep makes it point-and-click simple for even the most unsophisticated snoop. Firesheep scans open networks for tokens sent by Web sites after a secure or insecure login that uniquely identifies that user for a session that might last minutes or days. The tokens are embedded in browser cookies, which are not encrypted if the Web pages being visited aren’t also secured.
Most web services like Facebook and Twitter are not encrypted by default – exposing users to this exploit just by visiting their site. A Firesheep user can click any active session collected during the scan, and connect to a Web site as that user. This allows a hacker to hijack the user’s session and take control of their account, changing passwords, posting spam or performing other nefarious tasks.

Generic sniffing

Any public network is open to passive sniffing—or detection, storage, and analysis—of all the traffic passing over it that is not separately encrypted by a user or a service to which the user connects. Because many software programs, including email clients, may send passwords in the clear (unencrypted as plain text), a sniffer can retrieve information of great utility for identity theft and ecommerce fraud. Most email programs send all email in the clear – meaning that anyone within range can see the full text of every email a user sends on an open hotspot. The majority of these programs have an option to force secure connections for sending/receiving mail to thwart this exploit."

Click here for the whole paper.
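
The cookie exposure described in the quoted passage can be checked from the site operator's side by auditing the Set-Cookie headers a service returns. The sketch below is an added example, not code from the paper; the function names, URLs and header values are constructed for illustration.

```python
# Added example: flag cookies that would cross an open hotspot unencrypted.
# A cookie is exposed if it is issued over plain HTTP, or issued over HTTPS
# without the Secure attribute (the browser will then attach it to any later
# plain-HTTP request to the same site).

def parse_set_cookie(header_value):
    """Return (cookie_name, set of lowercase attribute names), or None if empty."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    if not parts:
        return None
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return name, attrs

def audit_response(url, set_cookie_values):
    """Return a list of (cookie_name, finding) for cookies readable by a sniffer."""
    findings = []
    over_tls = url.lower().startswith("https://")
    for value in set_cookie_values:
        parsed = parse_set_cookie(value)
        if parsed is None:
            continue
        name, attrs = parsed
        if not over_tls:
            findings.append((name, "issued over plain HTTP"))
        elif "secure" not in attrs:
            findings.append((name, "missing Secure attribute"))
    return findings

# Constructed sample responses (hypothetical site, not captured traffic).
SAMPLES = [
    # Login is encrypted, but the session cookie is not marked Secure.
    ("https://example.test/login", ["session=abc123; Path=/; HttpOnly"]),
    # Page and cookie both travel in the clear.
    ("http://example.test/home", ["sid=def456; Path=/"]),
    # Cookie is only ever sent over TLS.
    ("https://example.test/account", ["auth=ghi789; Path=/; SECURE; HttpOnly"]),
]

def audit_all(samples):
    """Map each URL to its list of findings."""
    return {url: audit_response(url, cookies) for url, cookies in samples}

if __name__ == "__main__":
    for url, findings in audit_all(SAMPLES).items():
        print(url, findings if findings else "ok")
```

The first sample is the case the passage calls a "secure or insecure login": the login page itself is encrypted, yet the session token can still leak on the next unencrypted page load.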