Two firesheep denial-of-service attacks - comice
http://blog.scaramanga.co.uk/2010/11/08/two-firesheep-denial-of-service-attacks/

======
jonafato
This seems to me as though the phrase "denial-of-service attack" is being used
loosely here. Firesheep is not a service being extended by a central server to
many users. You're blocking the individual user (or users) of firesheep with
this. This won't disrupt the users of web services that are legitimately
trying to use a site. IANAL, but I think this could be argued to be different
from the kind of DoS that would land you in prison for several years in at
least the US and UK.

That said, a DoS attack against firesheep users, if one were convicted, would probably
have more repercussions than whatever identity fraud the firesheep users
could be prosecuted for (per case). This is a great example of where someone
trying to benefit society (preventing possible identity fraud) could be
labeled a terrorist. I fear the day that the FBI starts going after
"terrorists" to protect identity thieves.

------
daten
I would think using firesheep to access private information in other people's
accounts without consent is illegal. The fact that those people were using an
unencrypted link doesn't make it less illegal, at least in my country.

I also think denial-of-service attacks against legitimate services are
illegal.

But my question is, what about denial of service attacks against illegal
activity such as firesheep when the attack doesn't affect any legitimate users
or services? A specially crafted packet that exploits weaknesses in firesheep
code doesn't harm anyone else on the network, like for instance a network
flood would.

~~~
moshezadka
I believe denial-of-service attacks, even against someone who you think is
committing a criminal activity (remember: we are all innocent until proven
guilty), are still illegal.

tl;dr: taking the law into your own hands is illegal, yes.

~~~
jackowayed
Is sending out one packet that happens to break firesheep a DoS?
It's not even targeted at that computer--it's just sent out on the network.

What about if I set up a device on the network that blinks a light whenever it
sees that packet? I'm not trying to kill firesheep--I'm just trying to blink
that light, and firesheep happens to be grabbing the packet and breaking.

I'm not just trying to be difficult; I'm genuinely interested in what would
and would not constitute an illegal DoS under US Law.

~~~
david_shaw
Although technically illegal, "network self defense" would be a reasonable
defense in a case such as this. Firesheep is designed specifically as a
sniffer (legal to possess, illegal to use to steal data), and breaking its
sniffing and crashing the host software really isn't going to be prosecuted.
Remember that this won't DoS _anything_ unless someone is running Firesheep
against you.

Think about this: government-funded researchers in security run massive
honeypots that attract hackers, who are then observed. Researchers often try
to hack back through the botnet, as the Computer Security Group at UCSB did in
their well-publicized ten-day takeover of the Torpig network.

Edit: Some more data:

 _"At the beginning of 2009, we took control of the Torpig botnet for ten
days. Over this period, we observed more than 180 thousand infections and
recorded more than 70 GB of data that the bots collected."_

So these researchers took over the botnet and downloaded _70 GB_ of data that
they sniffed. That's not just data on the botnet itself, but identifying data
of the hosts that Torpig had infected. In this case, we have no idea what data
was being siphoned around (although presumably not credentials, it's feasible
that CC#'s were being moved to and from controllers). So whatever data Torpig
stole, times 180,000 infections. We trust these guys because they're
researchers, but are they above the law in a case such as this? Just something
to think about!

------
alttab
This is very cool. Some speculate that FireSheep is hype.

If one guy on an unencrypted LAN is running FireSheep, and another guy is
running FireFlood, I expect to see an unabated nerd fight break out.

------
andrewcooke
Thanks very much. Am deploying now...