A new program, rather an extension for firefox has come out recently named firesheep.
Please understand that not all members of the forum will be as technically aware as you might seem so this post has been generalized slightly to make some of the more complex protocols i'll go over understandable.
When you connect to the internet, you get two things.
An IP address.
A DNS server.
Your IP address is like your home address...it identifies the location of your computer.
A DNS server is like the INDEX in a library...where you can look up the name of a book and find its number. Only, in this case were looking up a "domain" and its associated "ip"
Because there are sooooo many new websites...it would be almost impossible for YOU to keep an updated list of all those site names, and all there IPs...so you connect to a DNS server which stores them for you.
So when you go on your browser and type in MONSTERFISHKEEPERS.COM in your browser what really happens is..
YOURCOMPUTER -> phone wire...routers...etc -> DNS SERVER
once your computer has sent MONSTERFISHKEEPERS.COM to the DNS server...The DNS server checks its index to see if it has an IP for that domain.
Once the DNS server FINDS the IP of MFK's server, which is 74.86.16.37
It tells your computer.
DNS SERVER -> phone wire...routers...etc -> YOURCOMPUTER
So now your computer knows the IP of MFK...and we know, the IP is the LOCATION of the server. So your computer can connect to the SERVER and get the data.
....
If you don't understand here is a slightly simpler explanation
you (your IP) walk to the library (dns server) and you look up the title of a book (domain) to find where its located (IP address)
...
Now heres where things go south...real south.
What if, for what ever reason you connected to a DNS server...that said... 192.168.1.1 was the address of MFK (not 74.86.16.37 like we know it is)...
your computer, sadly, isn't smart enough to notice a change...and even if it did...servers change IP's all the time so if it warned you everytime you'd just start ignoring it...
Regarless...so now your computer thinks MFKs is located at 192.168.1.1 instead of 74.86.16.37 ...but it doesn't know better so it loads it up...
now what if, on this new server...they uploaded a site that looked just like MFK...you go to sign in...and BAM...your passwords stolen.
This is called DNS poisoning, It is a very EASY and simple way to get a person to tell you your password...
But see, you might be thinking...well I don't download any programs, I'll be fine...
sadly, there is a Protocol all to easy to exploit that will let your computer be taken over by anyone...they don't even have to do anything.
APR poisoning...
With out going too far into detail, this is basically the protocol that is in effect when you first connect to the internet, right when your getting your IP address...sadly before the DNS server too.
What happens is you sit down at your computer and connect to your internet and your computer goes off searching for a modem, or router, to tell it where to find a nice DNS server...
and bam. Before you know it, your computer is tricked into using a fake dns server...
But hey, what if you're really smart, you know a bit about this DNS game so you tell your computer to ALWAYS use that DNS server your ISP told you to?
haha, no. Sadly...all this does is make the hacker have to use a different exploit inside ARP...
see, when you send any data from your computer...to a server...its sorta transmitted right out in the open...even some SSL connections which both facebook and twitter have implemented incorrectly are exploitable.
Don't worry tho, an ARP attack normally takes a bit of effort, well...I really should only say dont worry if I found a way to travel back in time to inform you...
sorry.
There is a new extension, for firefox called, firesheep which easily allows anyone, even your grandma, the ability to ARP poison 100s of computer...in seconds...and get all there passwords and data. And, they have about 100,000 downloads in 2 days.
Please understand that not all members of the forum will be as technically aware as you might seem so this post has been generalized slightly to make some of the more complex protocols i'll go over understandable.
When you connect to the internet, you get two things.
An IP address.
A DNS server.
Your IP address is like your home address...it identifies the location of your computer.
A DNS server is like the INDEX in a library...where you can look up the name of a book and find its number. Only, in this case were looking up a "domain" and its associated "ip"
Because there are sooooo many new websites...it would be almost impossible for YOU to keep an updated list of all those site names, and all there IPs...so you connect to a DNS server which stores them for you.
So when you go on your browser and type in MONSTERFISHKEEPERS.COM in your browser what really happens is..
YOURCOMPUTER -> phone wire...routers...etc -> DNS SERVER
once your computer has sent MONSTERFISHKEEPERS.COM to the DNS server...The DNS server checks its index to see if it has an IP for that domain.
Once the DNS server FINDS the IP of MFK's server, which is 74.86.16.37
It tells your computer.
DNS SERVER -> phone wire...routers...etc -> YOURCOMPUTER
So now your computer knows the IP of MFK...and we know, the IP is the LOCATION of the server. So your computer can connect to the SERVER and get the data.
....
If you don't understand here is a slightly simpler explanation
you (your IP) walk to the library (dns server) and you look up the title of a book (domain) to find where its located (IP address)
...
Now heres where things go south...real south.
What if, for what ever reason you connected to a DNS server...that said... 192.168.1.1 was the address of MFK (not 74.86.16.37 like we know it is)...
your computer, sadly, isn't smart enough to notice a change...and even if it did...servers change IP's all the time so if it warned you everytime you'd just start ignoring it...
Regarless...so now your computer thinks MFKs is located at 192.168.1.1 instead of 74.86.16.37 ...but it doesn't know better so it loads it up...
now what if, on this new server...they uploaded a site that looked just like MFK...you go to sign in...and BAM...your passwords stolen.
This is called DNS poisoning, It is a very EASY and simple way to get a person to tell you your password...
But see, you might be thinking...well I don't download any programs, I'll be fine...
sadly, there is a Protocol all to easy to exploit that will let your computer be taken over by anyone...they don't even have to do anything.
APR poisoning...
With out going too far into detail, this is basically the protocol that is in effect when you first connect to the internet, right when your getting your IP address...sadly before the DNS server too.
What happens is you sit down at your computer and connect to your internet and your computer goes off searching for a modem, or router, to tell it where to find a nice DNS server...
and bam. Before you know it, your computer is tricked into using a fake dns server...
But hey, what if you're really smart, you know a bit about this DNS game so you tell your computer to ALWAYS use that DNS server your ISP told you to?
haha, no. Sadly...all this does is make the hacker have to use a different exploit inside ARP...
see, when you send any data from your computer...to a server...its sorta transmitted right out in the open...even some SSL connections which both facebook and twitter have implemented incorrectly are exploitable.
Don't worry tho, an ARP attack normally takes a bit of effort, well...I really should only say dont worry if I found a way to travel back in time to inform you...
sorry.There is a new extension, for firefox called, firesheep which easily allows anyone, even your grandma, the ability to ARP poison 100s of computer...in seconds...and get all there passwords and data. And, they have about 100,000 downloads in 2 days.
