It’s been over 3 weeks since Firesheep was released, and yet still there seem to be so many misconceptions about this particular vulnerability. The most prevalent of these misconceptions is that HTTP Session Hijacking, also known as “sidejacking” is something which is limited to only wireless networks. And this belief is not limited to just session hijacking attacks. Somewhere along the way a myth was propagated that wired switched networks are somehow impervious to attacks like these and other similar types of attacks because of the use of collision domains and the inability of an attacker to have unfettered access to the Layer 2 medium. As I mentioned in my previous article on the Misconceptions About Sidejacking with Firesheep, attacks like these and others are not relegated to strictly wireless networks, and in fact there are many so-called Man-in-the-Middle (MITM) attacks which can be performed on a switched wired network to compromise the imaginary security of a Layer 2 collision domain.
Recently, I had a conversation with my hosting provider to determine if they had IPv6 support. I’m interested in getting my web site set up and reachable via IPv6. Below is a copy of the conversation I had with their customer support, and clearly indicates we’ve got a long way before IPv6 is ready for the masses:
Bluehost Support: Hi, how can I help you?
Stefan: Hi, I am a hosting customer and I was wondering if you currently have support for IPv6?
Bluehost Support: Let me look into that for you.
Bluehost Support: Yes, we do support IPv6.
Stefan: Great! Is there a cost associated with that and how do I go about setting that up?
Bluehost Support: I am sorry, we cannot give you IPv6 until our IP5 runs out.
Stefan: Wait, you just told me you have support for IPv6. What the heck is IP5?
Bluehost Support: IP5 is the version before IP6. We can’t give you an IP6 until our IP5 runs out. I am sorry for the misunderstanding.