Results for Firesheep

More Security for Firesheep from Mozilla | HSTS

Wednesday, February 02, 2011
Firesheep was a buzzword a few months ago; then came Blacksheep to help protect users from it.
The Firesheep tutorial I demonstrated in an earlier post shows how an attacker can gain access to any account (Twitter, Facebook, Gmail, etc.) without even knowing the password, using sidejacking.

Security for Firesheep

Now, with the increase in threats from tools like Firesheep, Mozilla has come up with a concept called "HTTP Strict-Transport-Security", which will be employed in Firefox 4 and is already available in the beta versions.

What is "HTTP Strict-Transport-Security" ?

Usually when we access a login page it is fetched by default over HTTP, so our initial connection is unencrypted and an attacker can mount a MITM (Man-in-the-Middle) attack to receive the connection from the user, while the user believes he/she is connected to the real server. Here comes the role of "HTTP Strict-Transport-Security" in protecting the user's session. What it does is force the user's session to be strictly over HTTPS, thereby encrypting the session from the initial point and also protecting against sniffing of cookies.

How to use this feature?

1. A site needs to enable the "Strict-Transport-Security" HTTP header in order to make the user access the HTTPS login page, and Firefox 4 will take care of the rest.

2. If you are using Firefox 3.6 you can use an add-on called "ForceTLS" to get this functionality.

3. This is built into Firefox 4 and its beta, but you can also get additional controls by using the "STS-UI" add-on.
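As an added example (not Mozilla's code or anything from the original post), here is a small Python model of the client-side behaviour described above: the browser parses the Strict-Transport-Security header it received over HTTPS, remembers the host for max-age seconds, and rewrites any later http:// request for that host (or its subdomains when includeSubDomains is set) to https:// before it leaves the machine, so there is no unencrypted first hop for a MITM to intercept. The max-age and includeSubDomains directives come from the HSTS specification; the sample hosts are constructed.

```python
import time
from urllib.parse import urlsplit, urlunsplit

def parse_sts(header):
    """Parse a Strict-Transport-Security value; None if max-age is missing/invalid."""
    directives = {}
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            directives[name.lower()] = value.strip().strip('"')
    max_age = directives.get("max-age", "")
    if not max_age.isdigit():
        return None
    return int(max_age), "includesubdomains" in directives

class HstsCache:
    """Remembers which hosts declared 'HTTPS only', and for how long."""
    def __init__(self, now=time.time):
        self.now = now        # injectable clock so expiry can be tested
        self.policies = {}    # host -> (expiry_timestamp, include_subdomains)
    def observe(self, host, header, over_tls):
        # Only trust the header when it arrived over HTTPS: otherwise the same
        # attacker sitting on the plain-HTTP path could plant or clear policies.
        if not over_tls or (policy := parse_sts(header)) is None:
            return
        max_age, include_subdomains = policy
        if max_age == 0:      # max-age=0 tells the client to forget this host
            self.policies.pop(host.lower(), None)
        else:
            self.policies[host.lower()] = (self.now() + max_age, include_subdomains)
    def is_known(self, host):
        """True if host, or a parent with includeSubDomains, has a live policy."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate not in self.policies:
                continue
            expiry, include_subdomains = self.policies[candidate]
            if expiry <= self.now():
                del self.policies[candidate]   # expired, drop it
            elif i == 0 or include_subdomains:
                return True
        return False
    def rewrite(self, url):
        """Upgrade an http:// URL to https:// before the request leaves the browser."""
        parts = urlsplit(url)
        if parts.scheme == "http" and parts.hostname and parts.port is None and self.is_known(parts.hostname):
            return urlunsplit(("https",) + parts[1:])
        return url
```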

With this feature added to Firefox 4, the online activities of users on public WiFi hotspots can be secured to some extent... :)
Reviewed by Satyajit (Admins, a.k.a. Satosys) on Wednesday, February 02, 2011 | Rating: 5

Monitor Facebook activity and increase Security

Monday, January 03, 2011
Facebook is one of the most widely used social networking sites these days. So, if your account gets compromised in any way, for example by session hijacking, it may result in a big headache. Here in this post I will tell you how you can monitor your account activity details like location, OS type and time of access.

Read the post on "Facebook security and privacy tips".

Procedure:

Step 1.
Click on "Account" on the upper right side of your Facebook page and then click on "Account settings" as shown in the image below.


Step 2.
Now scroll down to where you see "Account Security" and click on the change option there, as shown in the image below.
Step 3.
Now you can see the recent activity and other activities in the past. There you can also see the "Login Notification" option; I would recommend setting it to "On" to add an extra level of security. On the next login attempt you will be asked for your computer name, so provide the desired name and click on continue.
Step 4.
If you notice any unfamiliar device or location in your activity history, you can click on the "End activity" option to end that session.

Note: The information furnished in the account activity is not that detailed, but it can certainly add a level of security to your Facebook account.

Prevent access to Google Apps and reset sign-in cookies.

Sunday, January 02, 2011
Google Apps has indeed added a bit of ease for people who are on the move: they can access their favourite Google service from anywhere, any time, as long as they have internet access. Suppose the device from which they access their Google Apps account gets stolen; then the person possessing the device can open their account using the session cookies present in the browser, without even knowing the authentication credentials (username & password).

Google really thinks about its users' security, so it has added a feature to reset the session sign-in cookies for a particular user; that user then needs to authenticate again to sign in.

Note: This feature is only available to Premier (paid) users of the account.

Step 1.
Log in (as Administrator) to the control panel of your Google Apps account and reach the dashboard as shown below. The control panel can be accessed from the link below.
( http://www.google.com/a/your-domain_name.com )

Step 2.
To avail of this feature you need to have the "Next generation control panel". To enable it, follow the instructions shown in the image below.
Step 3.
Now click on the "Organisation and users" tab and click on the desired username for whom you want to reset the sign-in cookies, as shown in the image below.
Step 4.
Now "User information" opens up and you can see the "Reset sign-in cookies" option in the password section. Just click on it; the user then has to re-authenticate when they start a new browser session.

To remote wipe a mobile device visit here.

Blacksheep Tutorial | Detect Firesheep and Secure your public WiFi access.

Friday, November 12, 2010
In one of my last posts I wrote about the "Firesheep Tutorial", which can be used to get control of a user's session. Here in this tutorial I will discuss a Firefox add-on called "Blacksheep" that can detect Firesheep on the network. So let's start...

What is Blacksheep?

It is a Firefox add-on that detects Firesheep on an open or public WiFi network. The credit goes to Zscaler for bringing it out. It is built from the source code of Firesheep, taking into consideration how Firesheep works.


How does it work?

As I explained in my post on Firesheep, it captures the cookies of the user's session and uses them to log in to the listed websites. What Blacksheep does is carry the same list of websites: when it is on the network it generates fake cookies for those sites every 5 minutes (you can change the interval), and if someone using Firesheep captures and uses one of those fake cookies, Blacksheep raises an alert with the IP address of the attacker's system. It exploits Firesheep's weakness of not being able to differentiate between fake cookies (from Blacksheep) and real ones (generated during a user session).
Note: Blacksheep won't protect against session hijacking through Firesheep; rather, it will give an alert that Firesheep is in use on the network.
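To make the detection idea concrete, here is an added Python sketch of the canary-cookie logic described above; it is not Zscaler's Blacksheep code. The detector issues random decoy session-cookie values and flags any request carrying one of them that comes from an IP other than its own. The cookie name sessionid, the one-line request format and the IP addresses are all constructed for this example.

```python
import re
import secrets
from dataclasses import dataclass, field

# Constructed one-line request summary, as a sniffer might log it:
# "<source-ip> GET <url> Cookie: name=value; name2=value2"
REQUEST_RE = re.compile(r"^(\S+) GET (\S+) Cookie: (.*)$")
CANARY_COOKIE = "sessionid"   # placeholder; real tools key on each site's cookie name

@dataclass
class CanaryDetector:
    """Plants fake session cookies and alerts when another host replays one."""
    own_ip: str
    canaries: set = field(default_factory=set)

    def issue_canary(self):
        """Make a fresh random decoy value; no real session ever carries it."""
        value = secrets.token_hex(16)
        self.canaries.add(value)
        return value

    def decoy_request(self, host, value):
        """The request the detector itself sends so a sniffer can pick it up."""
        return f"{self.own_ip} GET http://{host}/ Cookie: {CANARY_COOKIE}={value}"

    def inspect(self, request_line):
        """Return the source IP if this request replays one of our canaries, else None."""
        match = REQUEST_RE.match(request_line)
        if not match:
            return None
        src_ip, _url, cookie_header = match.groups()
        if src_ip == self.own_ip:          # our own decoy going out, not a replay
            return None
        for pair in cookie_header.split(";"):
            name, _, value = pair.strip().partition("=")
            if name == CANARY_COOKIE and value in self.canaries:
                return src_ip
        return None

    def scan(self, request_lines):
        """Run inspect over a batch of observed requests; returns the alerting IPs."""
        return [ip for ip in map(self.inspect, request_lines) if ip]

if __name__ == "__main__":
    det = CanaryDetector(own_ip="192.168.1.10")
    c = det.issue_canary()
    observed = [det.decoy_request("www.example.com", c),                                    # constructed: our decoy
                f"192.168.1.23 GET http://www.example.com/home Cookie: {CANARY_COOKIE}={c}",  # constructed: replay
                "192.168.1.44 GET http://www.example.com/ Cookie: sessionid=deadbeef"]      # constructed: unrelated
    print(det.scan(observed))  # ['192.168.1.23']
```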
How to use it?

Warning: If Firesheep is installed in the same browser, disable it before using Blacksheep, because Firesheep also captures the cookies of its own host browser, so Blacksheep may pop an alert with your own IP address.


Requirements:

1. Winpcap (Download)

2. Blacksheep Addon (Install)

3. Windows XP or later version (OS for this tutorial)

4. Firefox 3.5 or newer (32-bit)

5. Public or open WiFi (where Firesheep is suspected)


Configuration:

Step 1. Having set up all the requirements, open Firefox.

Step 2. Disable Firesheep if you have installed it, as shown below.

Step 3. Follow the path Tools-->Add-ons in the top menu.

Step 4. Search for Blacksheep in the add-ons list, click on Options and change to your desired interval, as shown below.
Working:

Here is the video from Zscaler on the working of Blacksheep; hope you will like it.




Credit : http://research.zscaler.com/

"If you find this post useful and informative do post your comment and share it."

Sidejacking | Firesheep Tutorial and Countermeasures.

Tuesday, November 02, 2010
Recently Eric Butler at ToorCon 12 exposed and demonstrated the session hijacking problem (aka sidejacking) with the help of a self-made Firefox add-on called "Firesheep". Using this method the attacker can control the account of the victim without even knowing the password. This tool can also be used to hack Facebook accounts, Twitter, etc. Today in this post I will discuss how this is carried out and the countermeasures needed to avoid this problem. So let's start....
I recommend that readers proceed with this post only if they abide by the blog's Disclaimer; otherwise leave this page immediately.

What is HTTP session hijacking (aka sidejacking)?

In session hijacking an attacker hijacks (or controls) the user's session after the user has successfully logged in or authenticated with the desired server. Here in this post the add-on "Firesheep" works like a sniffer and captures the cookies of users on the same wireless network that are used to authenticate to a few predefined websites in the add-on. This problem persists on HTTPS websites too, because many of them only encrypt the users' login, while the rest of the session is left unencrypted.


Requirements:

1. Public WiFi access.

2. Winpcap (Download)

3. Firesheep (Download)

Procedure:

1. Download "Firesheep" from the above link and, using the "Open with" option, open it in Firefox.

2. Having installed it, restart the browser and follow the instructions in the image below.

3. Now you can see that Firesheep has opened up in the sidebar; then follow the instructions in the image below.

4. Then click on the "Start capturing" button at the top. Before doing this, make sure that you are connected to an open WiFi network, say your college or campus WiFi.

5. After doing that, wait for a few seconds and you will see the results start appearing in the sidebar as shown below. Clicking on any result opens the pre-authenticated session in your browser.

So users on public WiFi, like in an airport or a coffee shop, need to be careful. Follow the countermeasures below.


Countermeasures:

1. HTTPS is not the solution to this problem; rather, you can use a VPN to access public WiFi. There are a few paid services as well; look them up on Google.

2. You can also set up your own server using Cygwin, use the SSH client PuTTY to connect to it, and configure your browser to use it as a SOCKS proxy. Then access the desired website.
 
"If you find this post useful and informative do post your comment and share it."