Tuesday, November 23, 2010

Firesheep, Blacksheep and botnets

Firesheep recently became a problem for people who use wireless internet in cafes, libraries, etc., because someone else nearby could download this free software to snoop on your activities.
This was quickly followed by another application called Blacksheep, which says it can detect the snooping and alert you to it.
To understand how BlackSheep works, we first need to understand the details of FireSheep. FireSheep listens to the HTTP traffic on port 80. When it identifies a transaction to a known site (Facebook, Google, Yahoo!, etc.), it looks for specific cookie values which are then used to identify a specific user.

When FireSheep identifies a user session, it then makes a request to the same site using the user's cookie values in order to retrieve user information such as their name, picture, etc. This active network activity, however, is visible to others on the local network.

BlackSheep detects the active connection made by Firesheep. It does this by making HTTP requests to random sites handled by FireSheep every 5 minutes (configurable) with fake values. BlackSheep then listens to all HTTP requests on the network to detect if somebody else is using the same fake values.
Zscaler has recommended that users log out of the social service they are using as soon as an alert is raised and stop using the network.
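
The decoy check described above, as an added example that is not BlackSheep's own code: it plants a random fake session value and flags any request from another address that reuses it. The host name, cookie name, IP addresses and record layout are constructed for illustration.

```python
import secrets
from http.cookies import SimpleCookie

OWN_IP = "192.168.1.20"  # assumption: address of the machine planting decoys


def make_decoy(host, cookie_name):
    """Create a random fake session value to send to `host` as bait."""
    return {"host": host, "name": cookie_name, "value": secrets.token_hex(16)}


def parse_cookies(header):
    """Return {name: value} from a raw Cookie request header."""
    jar = SimpleCookie()
    jar.load(header)
    return {name: morsel.value for name, morsel in jar.items()}


def find_replays(decoys, observed, own_ip=OWN_IP):
    """Return alerts for requests from other hosts that reuse a decoy value."""
    planted = {(d["host"], d["name"], d["value"]) for d in decoys}
    alerts = []
    for req in observed:
        if req["src"] == own_ip:
            continue  # our own bait request, not a replay
        for name, value in parse_cookies(req["cookie"]).items():
            if (req["host"], name, value) in planted:
                alerts.append({"src": req["src"], "host": req["host"], "cookie": name})
    return alerts


def demo():
    decoy = make_decoy("social.example", "session_id")
    bait = f"session_id={decoy['value']}; lang=en"
    observed = [  # constructed sample traffic, not a real capture
        {"src": OWN_IP, "host": "social.example", "cookie": bait},
        {"src": "192.168.1.31", "host": "social.example", "cookie": "session_id=abc123"},
        {"src": "192.168.1.77", "host": "social.example", "cookie": bait},
    ]
    return find_replays([decoy], observed)


if __name__ == "__main__":
    for alert in demo():
        print("decoy session replayed by", alert["src"], "against", alert["host"])
```

Because the decoy value is random and was never issued by the site, a match from any other address means something on the network copied it off the wire.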

All this should make the average user wary of doing confidential things over wireless internet. There are smarter hackers out there than the person who downloads Firesheep.

As for the idea that your computer may have been captured and be secretly used as part of a zombie computer army or botnet, please follow this link to McAfee to find out more.

Here are some tips to help keep you bot-free:
  • Never click on a link or download in a spam email or instant message from someone you don’t know
  • Use comprehensive security software, like McAfee Total Protection™ software, to protect you from viruses, spam, and other Internet threats, and keep the software up-to-date
  • Set your operating system and browser to automatically apply updates
  • Turn your computer off when you are not using it—when you are disconnected from the Internet cybercriminals can't access your machine
Are you already part of a botnet? Well, there is advice at the above link about that too.
Some major ISPs have already begun malware disinfection programs. Australia's recently launched voluntary anti-zombie code for ISPs was held up as a good model for achieving relatively low levels of infections. General levels of education were also an important factor.
Don't get paranoid, just get SAFE!
