Bill Roth, Ulitzer Editor-at-Large

FireSheep, Sidejacking and Logging

I read a story today in eWeek about sidejacking and FireSheep. The headline read “Firesheep and Sidejacking Not Just a WiFi Problem”. First, it is important to know that I love “portmanteaus”, or made up words. So, the headline was a twofer, and was as exciting as it was incomprehensible. Secondly, I am currently reading Charles Stross’ groundbreaking work, Accelerando. The book is amazing, and has more unique ideas per paragraph than most books have in their entirety. Stross routinely uses words like “side-loading” (as opposed to uploading or downloading), and talks about being able to upload someone's human consciousness onto the net. And that is just an example from the first 20% of the book. So eWeek’s use of these made up words immediately intrigued me.

Most of the articles I read on this security hole are very vague on how it all works, whereas the info on the FireSheep site makes it very clear what is happening. Essentially, the attacker captures someone else’s session cookie as it crosses a shared network in the clear (the site only encrypts the login, not the rest of the session), then replays that cookie to the site and is treated as that user. That is sidejacking, and it is done VERY easily: pick a name from a list and click. This is alarming for someone like me because I shop online a lot at places like rei.com and radioshack.com over public wifi.

After the fear passed, it also became clear to me that you could use LogLogic’s products to catch this merely by correlating the SESSIONID to the client IP address, and taking note when a session that has been bound to one address starts arriving from another. One caveat: a sidejacker sitting on the same open wifi as the victim usually shares the victim’s NAT address, so the web server may see the same source IP for both; correlating the User-Agent header as well catches that case. This is something I could do easily, since I run www.loglogic.com and log the site at both the web server and content management levels, so attacks like this would stand out. You can bet I will add a new rule or two because of this.
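Here is the correlation rule described above, run over a few constructed web server log lines. This is an added example, not LogLogic’s rule language or any code from the original post. It assumes an Apache-style combined log with the request’s Cookie header appended as one more quoted field (what a LogFormat ending in "%{Cookie}i" would produce); the IP addresses, session IDs and timestamps are invented. The fourth line shows the NAT case: same source IP as the victim, different browser, so only the User-Agent check fires.

```python
import re

# Constructed sample log lines (not real loglogic.com traffic). Format is the
# Apache "combined" format with the Cookie request header appended as a final
# quoted field. Line 3 is a sidejacker from a different address; line 4 is a
# sidejacker behind the victim's own NAT (same IP, different browser).
SAMPLE_LOG = """\
203.0.113.10 - - [26/Oct/2010:14:02:11 -0700] "GET /cart HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6) Firefox/3.6" "SESSIONID=7f3a9c2e1b"
203.0.113.10 - - [26/Oct/2010:14:02:40 -0700] "GET /checkout HTTP/1.1" 200 8100 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6) Firefox/3.6" "SESSIONID=7f3a9c2e1b"
198.51.100.77 - - [26/Oct/2010:14:03:05 -0700] "GET /account HTTP/1.1" 200 4400 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/3.6" "SESSIONID=7f3a9c2e1b"
203.0.113.10 - - [26/Oct/2010:14:03:30 -0700] "GET /account HTTP/1.1" 200 4400 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/3.6" "SESSIONID=7f3a9c2e1b"
192.0.2.5 - - [26/Oct/2010:14:04:00 -0700] "GET / HTTP/1.1" 200 900 "-" "Mozilla/5.0 (X11; Linux) Chrome/7.0" "SESSIONID=c0ffee1234"
"""

# Combined log format plus one trailing quoted field holding the Cookie header.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" '
    r'"(?P<ua>[^"]*)" "(?P<cookie>[^"]*)"$'
)
# The session cookie name is an assumption; change it to match the application.
SESSION_COOKIE_RE = re.compile(r'(?:^|;\s*)SESSIONID=([^;]+)')


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    c = SESSION_COOKIE_RE.search(rec["cookie"])
    rec["session"] = c.group(1) if c else None
    return rec


def detect_sidejacking(lines):
    """Bind each session ID to the IP and User-Agent it was first seen with,
    and report every later request where either attribute differs.

    The binding is never re-learned on a mismatch, so a sidejacker's requests
    cannot quietly become the new baseline. Returns a list of alert dicts in
    log order."""
    bound = {}   # session id -> {"ip": ..., "ua": ...} as first observed
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["session"] is None:
            continue   # unparseable line or request without a session cookie
        sid = rec["session"]
        if sid not in bound:
            bound[sid] = {"ip": rec["ip"], "ua": rec["ua"]}
            continue
        for field in ("ip", "ua"):
            if bound[sid][field] != rec[field]:
                alerts.append({
                    "session": sid,
                    "field": field,
                    "expected": bound[sid][field],
                    "observed": rec[field],
                    "ts": rec["ts"],
                    "request": rec["req"],
                })
    return alerts


if __name__ == "__main__":
    for a in detect_sidejacking(SAMPLE_LOG.splitlines()):
        print("ALERT session=%s %s changed: %r -> %r at %s (%s)" % (
            a["session"], a["field"], a["expected"], a["observed"],
            a["ts"], a["request"]))
```

On the sample input this raises three alerts, all for session 7f3a9c2e1b: the third line trips both the IP and User-Agent checks, and the fourth trips only the User-Agent check, which an IP-only rule would have missed. Expect some noise from an IP rule alone in production (laptops roaming between networks, carriers that rotate addresses), which is another reason to weigh the User-Agent change more heavily.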

Once again, LogLogic to the rescue: improving visibility and control.

Bill Roth is a Silicon Valley veteran with over 20 years in the industry. He has played numerous product marketing, product management and engineering roles at companies like BEA, Sun, Morgan Stanley, and EBay Enterprise. He was recently named one of the World's 30 Most Influential Cloud Bloggers.