Get the Source

You’ll need to download the source code from github, which can be done using the following two commands:

git clone https://github.com/codebutler/firesheep.git
cd firesheep
git submodule update --init

These two commands will download the code required to compile Firesheep, putting the source into a new directory called “firesheep”.

Build Tools

To compile Firesheep on Ubuntu 10.04 or 10.10 you’ll need the following development packages installed. Simply copy-paste the following list of packages into your terminal:

sudo apt-get install autoconf libtool libpcap-dev libboost-all-dev libhal-dev xulrunner-1.9.2-dev

On my machine this installed quite a few packages, and while the main Firesheep website lists 10.10 specifically, I had no problems on my 10.04 installation.

Build Firesheep

You’re now ready to compile Firesheep. Run the following command and hopefully you’ll be able to build it without error:

./autogen.sh && make


Install the Plugin

If all is well you should find a new file called ‘firesheep.xpi’ in a subdirectory called build (ie; firesheep/build/). Simply drag-and-drop that file into your Addons dialog box, restart Firefox and you should be set.

I’ve been having some issues in actually capturing data on my Dell D630 with an Intel Pro/Wireless 3945ABG card. It looks like this tool is often hardware specific, so your mileage may vary. I’d be interested in anyone offering suggestions on getting it to capture properly on OS X 10.6 (macbook) or Ubuntu 10.04+.

Several flaws were discovered in the browser engine of Firefox. If a user
were tricked into viewing a malicious website, a remote attacker could
cause a denial of service or possibly execute arbitrary code with the
privileges of the user invoking the program. (CVE-2010-0159)

Orlando Barrera II discovered a flaw in the Web Workers implementation of
Firefox. If a user were tricked into posting to a malicious website, an
attacker could cause a denial of service or possibly execute arbitrary code
with the privileges of the user invoking the program. (CVE-2010-0160)

Alin Rad Pop discovered that Firefox’s HTML parser would incorrectly free
memory under certain circumstances. If the browser could be made to access
these freed memory objects, an attacker could exploit this to execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2009-1571)

Hidetake Jo discovered that the showModalDialog in Firefox did not always
honor the same-origin policy. An attacker could exploit this to run
untrusted JavaScript from other domains. (CVE-2009-3988)

Georgi Guninski discovered that the same-origin check in Firefox could be
bypassed by utilizing a crafted SVG image. If a user were tricked into
viewing a malicious website, an attacker could exploit this to read data
from other domains. (CVE-2010-0162)

The above security vulnerabilities apply to the following Ubuntu releases:

• Ubuntu 9.10

If you have this utility installed on your Ubuntu system you’ll need to apply the security update to be protected. Please follow the steps below to ensure your system is properly patched:

Apply Updates

To apply the updates run the following command(s) within your Terminal:

sudo aptitude update
sudo aptitude safe-upgrade

After a standard system upgrade you need to restart Firefox and any applications that use xulrunner to effect the necessary changes.

Several flaws were discovered in the browser engine of Firefox. If a user
were tricked into viewing a malicious website, a remote attacker could
cause a denial of service or possibly execute arbitrary code with the
privileges of the user invoking the program. (CVE-2010-0159)

Orlando Barrera II discovered a flaw in the Web Workers implementation of
Firefox. If a user were tricked into posting to a malicious website, an
attacker could cause a denial of service or possibly execute arbitrary code
with the privileges of the user invoking the program. (CVE-2010-0160)

Alin Rad Pop discovered that Firefox’s HTML parser would incorrectly free
memory under certain circumstances. If the browser could be made to access
these freed memory objects, an attacker could exploit this to execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2009-1571)

Hidetake Jo discovered that the showModalDialog in Firefox did not always
honor the same-origin policy. An attacker could exploit this to run
untrusted JavaScript from other domains. (CVE-2009-3988)

Georgi Guninski discovered that the same-origin check in Firefox could be
bypassed by utilizing a crafted SVG image. If a user were tricked into
viewing a malicious website, an attacker could exploit this to read data
from other domains. (CVE-2010-0162)

The above security vulnerabilities apply to the following Ubuntu releases:

• Ubuntu 8.04 LTS
• Ubuntu 8.10
• Ubuntu 9.04

If you have this utility installed on your Ubuntu system you’ll need to apply the security update to be protected. Please follow the steps below to ensure your system is properly patched:

Apply Updates

To apply the updates run the following command(s) within your Terminal:

sudo aptitude update
sudo aptitude safe-upgrade

After a standard system upgrade you need to restart Firefox and any applications that use xulrunner to effect the necessary changes.

It was discovered that Squid incorrectly handled certain auth headers. A
remote attacker could exploit this with a specially-crafted auth header
and cause Squid to go into an infinite loop, resulting in a denial of
service. This issue only affected Ubuntu 8.10, 9.04 and 9.10.
(CVE-2009-2855)

It was discovered that Squid incorrectly handled certain DNS packets. A
remote attacker could exploit this with a specially-crafted DNS packet
and cause Squid to crash, resulting in a denial of service. (CVE-2010-0308)

The above security vulnerabilities apply to the following Ubuntu releases:

• Ubuntu 6.06 LTS
• Ubuntu 8.04 LTS
• Ubuntu 8.10
• Ubuntu 9.04
• Ubuntu 9.10

If you have this utility installed on your Ubuntu system you’ll need to apply the security update to be protected. Please follow the steps below to ensure your system is properly patched:

Apply Updates

To apply the updates run the following command(s) within your Terminal:

sudo aptitude update
sudo aptitude safe-upgrade

In general, a standard system upgrade is sufficient to effect the necessary changes.

Emmanouel Kellinis discovered that Ruby did not properly handle certain
string operations. An attacker could exploit this issue and possibly
execute arbitrary code with application privileges. (CVE-2009-4124)

Giovanni Pellerano, Alessandro Tanasi, and Francesco Ongaro discovered that
Ruby did not properly sanitize data written to log files. An attacker could
insert specially-crafted data into log files which could affect certain
terminal emulators and cause arbitrary files to be overwritten, or even
possibly execute arbitrary commands. (CVE-2009-4492)

It was discovered that Ruby did not properly handle string arguments that
represent large numbers. An attacker could exploit this and cause a denial
of service. This issue only affected Ubuntu 9.10. (CVE-2009-1904)

The above security vulnerabilities apply to the following Ubuntu releases:

• Ubuntu 8.10
• Ubuntu 9.04
• Ubuntu 9.10

If you have this utility installed on your Ubuntu system you’ll need to apply the security update to be protected. Please follow the steps below to ensure your system is properly patched:

Apply Updates

To apply the updates run the following command(s) within your Terminal:

sudo aptitude update
sudo aptitude safe-upgrade


In general, a standard system upgrade is sufficient to effect the necessary changes.

It was discovered that Tomcat did not correctly validate WAR filenames or
paths when deploying. A remote attacker could send a specially crafted WAR
file to be deployed and cause arbitrary files and directories to be
created, overwritten, or deleted.

The above security vulnerabilities apply to the following Ubuntu releases:

• Ubuntu 8.10
• Ubuntu 9.04
• Ubuntu 9.10

If you are have this utility installed on your Ubuntu system you’ll need to apply the security update to be protected. Please follow the steps below to ensure your system is properly patched:

Apply Updates

To apply the updates run the following command(s) within your Terminal:

sudo aptitude update
sudo aptitude safe-upgrade

After a standard system upgrade you need to restart your session to effect the necessary changes.

It was discovered that gnome-screensaver did not correctly handle monitor
hotplugging. An attacker with physical access could cause gnome-screensaver
to crash and gain access to the locked session.

The above security vulnerabilities apply to the following Ubuntu releases:

• Ubuntu 9.10

If you are have this utility installed on your Ubuntu system you’ll need to apply the security update to be protected. Please follow the steps below to ensure your system is properly patched:

Apply Updates

To apply the updates run the following command(s) within your Terminal:

sudo aptitude update
sudo aptitude safe-upgrade

After a standard system upgrade you need to restart your session to effect the necessary changes.

It was discovered that MySQL could be made to overwrite existing table
files in the data directory. An authenticated user could use the DATA
DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks.
This update alters table creation behaviour by disallowing the use of the
MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY options. This
issue only affected Ubuntu 8.10. (CVE-2008-4098)

It was discovered that MySQL contained a cross-site scripting vulnerability
in the command-line client when the –html option is enabled. An attacker
could place arbitrary web script or html in a database cell, which would
then get placed in the html document output by the command-line tool. This
issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04.
(CVE-2008-4456)

It was discovered that MySQL could be made to overwrite existing table
files in the data directory. An authenticated user could use symlinks
combined with the DATA DIRECTORY and INDEX DIRECTORY options to possibly
bypass privilege checks. This issue only affected Ubuntu 9.10.
(CVE-2008-7247)

It was discovered that MySQL contained multiple format string flaws when
logging database creation and deletion. An authenticated user could use
specially crafted database names to make MySQL crash, causing a denial of
service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04.
(CVE-2009-2446)

It was discovered that MySQL incorrectly handled errors when performing
certain SELECT statements, and did not preserve correct flags when
performing statements that use the GeomFromWKB function. An authenticated
user could exploit this to make MySQL crash, causing a denial of service.
(CVE-2009-4019)

It was discovered that MySQL incorrectly checked symlinks when using the
DATA DIRECTORY and INDEX DIRECTORY options. A local user could use symlinks
to create tables that pointed to tables known to be created at a later
time, bypassing access restrictions. (CVE-2009-4030)

It was discovered that MySQL contained a buffer overflow when parsing
ssl certificates. A remote attacker could send crafted requests and cause a
denial of service or possibly execute arbitrary code. This issue did not
affect Ubuntu 6.06 LTS and the default compiler options for affected
releases should reduce the vulnerability to a denial of service. In the
default installation, attackers would also be isolated by the AppArmor
MySQL profile. (CVE-2009-4484)

The above security vulnerabilities apply to the following Ubuntu releases:

• Ubuntu 6.06 LTS
• Ubuntu 8.04 LTS
• Ubuntu 8.10
• Ubuntu 9.04
• Ubuntu 9.10

If you are have this utility installed on your Ubuntu system you’ll need to apply the security update to be protected. Please follow the steps below to ensure your system is properly patched:

Apply Updates

To apply the updates run the following command(s) within your Terminal:

sudo aptitude update
sudo aptitude safe-upgrade

In general, a standard system upgrade is sufficient to effect the necessary changes.

ATTENTION: Due to an unavoidable ABI change (except for Ubuntu 6.06)
the kernel updates have been given a new version number, which requires
you to recompile and reinstall all third party kernel modules you
might have installed. If you use linux-restricted-modules, you have to
update that package as well to get modules which work with the new kernel
version. Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-server, linux-powerpc), a standard system
upgrade will automatically perform this as well.

Details follow:

Amerigo Wang and Eric Sesterhenn discovered that the HFS and ext4
filesystems did not correctly check certain disk structures. If a user
were tricked into mounting a specially crafted filesystem, a remote
attacker could crash the system or gain root privileges. (CVE-2009-4020,
CVE-2009-4308)

It was discovered that FUSE did not correctly check certain requests.
A local attacker with access to FUSE mounts could exploit this to
crash the system or possibly gain root privileges.  Ubuntu 9.10 was not
affected. (CVE-2009-4021)

It was discovered that KVM did not correctly decode certain guest
instructions.  A local attacker in a guest could exploit this to
trigger high scheduling latency in the host, leading to a denial of
service.  Ubuntu 6.06 was not affected. (CVE-2009-4031)

It was discovered that the OHCI fireware driver did not correctly
handle certain ioctls.  A local attacker could exploit this to crash
the system, or possibly gain root privileges.  Ubuntu 6.06 was not
affected. (CVE-2009-4138)

Tavis Ormandy discovered that the kernel did not correctly handle
O_ASYNC on locked files.  A local attacker could exploit this to gain
root privileges.  Only Ubuntu 9.04 and 9.10 were affected. (CVE-2009-4141)

Neil Horman and Eugene Teo discovered that the e1000 and e1000e
network drivers did not correctly check the size of Ethernet frames.
An attacker on the local network could send specially crafted traffic
to bypass packet filters, crash the system, or possibly gain root
privileges. (CVE-2009-4536, CVE-2009-4538)

It was discovered that “print-fatal-signals” reporting could show
arbitrary kernel memory contents.  A local attacker could exploit
this, leading to a loss of privacy.  By default this is disabled in
Ubuntu and did not affect Ubuntu 6.06. (CVE-2010-0003)

Olli Jarva and Tuomo Untinen discovered that IPv6 did not correctly
handle jumbo frames.  A remote attacker could exploit this to crash the
system, leading to a denial of service.  Only Ubuntu 9.04 and 9.10 were
affected. (CVE-2010-0006)

Florian Westphal discovered that bridging netfilter rules could be
modified by unprivileged users.  A local attacker could disrupt network
traffic, leading to a denial of service. (CVE-2010-0007)

Al Viro discovered that certain mremap operations could leak kernel
memory.  A local attacker could exploit this to consume all available
memory, leading to a denial of service. (CVE-2010-0291)

The above security vulnerabilities apply to the following Ubuntu releases:

• Ubuntu 6.06 LTS
• Ubuntu 8.04 LTS
• Ubuntu 8.10
• Ubuntu 9.04
• Ubuntu 9.10

If you are have this utility installed on your Ubuntu system you’ll need to apply the security update to be protected. Please follow the steps below to ensure your system is properly patched:

Apply Updates

To apply the updates run the following command(s) within your Terminal:

sudo aptitude update
sudo aptitude safe-upgrade

After a standard system upgrade you need to reboot your computer to effect the necessary changes.

With internet technology, and the rise of cloud computing, SSL is becoming more important than ever. Corporations usually have it as a standard to secure their networks with VPN, with solutions seen in ATT virtual private nets. VPN and use of Proxies can enhance online security and is also available for consumer use.

In this article I will outline how to configure your IRC client to connect to the Freenode IRC network using SSL client encryption. This article includes instructions for Irssi, Empathy and Pidgin.

Access Freenode via SSL – Irssi

This section outlines how to configure irssi, the command-line IRC client, to connect to freenode via SSL secure connection.

First, you’ll need to ensure you have an updated list of CA root certificates. This can be done by verifying you have the following package installed:

sudo aptitude install ca-certificates

It is likely that this is already installed, but it won’t cause any problems to attempt installation just to make sure.

Once you’ve verified that you have the latest CA root certificates you can connect to Freenode via SSL using the following command:

/connect -ssl_verify -ssl_capath /etc/ssl/certs chat.freenode.net 7000

If you’d like to automatically connect to freenode each time you launch irssi, use the following:

/network add -nick <nick> -realname <realname> freenode

/server add -auto -ssl_verify -ssl_capath /etc/ssl/certs -network freenode chat.freenode.net 7000

/save

Access Freenode via SSL – Empathy (IDLE)

This section outlines how to configure Empathy, the default messaging client in Ubuntu 9.10+, to connect to freenode via SSL secure connection.

You’ll need to verify that you have an updated list of CA root certificates. This can be done by verifying you have the following package installed:

sudo aptitude install ca-certificates

Once you’ve verified that you have the latest CA root certificates, you’ll also need to verify your Empathy configuration. Below is a screenshot for the FreeNode configuration in Empathy. Ensure yours matches the port and SSL activation.

Empathy FreeNode configuration

Access Freenode via SSL – Pidgin

This section outlines how to configure Pidgin, the default messaging client in older Ubuntu releases, to connect to freenode via SSL secure connection.

You’ll need to verify that you have an updated list of CA root certificates. This can be done by verifying  you have the following package installed:

sudo aptitude install ca-certificates

Once you’ve verified that you have the latest CA root certificates you’ll also need to verify your Pidgin configuration. Below is a screenshot for the IRC configuration in Pidgin. Ensure yours matches by modifying your account.

On the “Basic” tab, the default Server: entry will likely be “irc.ubuntu.com”. Unless you change this to “chat.freenode.net”, you’ll get a warning about not being able to verify the certificate.

Pidgin Basic Configuration

Next, navigate to the Advanced tab. On this tab you’ll need to change the Port: to 7000 and activate the checkbox for “Use SSL”. When you are finished, save your changes

Pidgin Advanced Configuration

Conclusion

Encrypted connections via SSL are important for network security, particularly in the situation where usernames and passwords are being transfered. As end-users we should be aware of improved security options available to us, such as encrypted network connections. If you are an IRC user and haven’t yet made the switch to SSL enabled connections, I’d invite you to take a minute and do so now.