BlackSheep
With all the hype about Firesheep,
the Firefox add-on that snatches up social network login credentials
over open wireless networks, security companies are starting to make
anti-Firesheep measures available to the average user. BlackSheep,
developed by "cloud security" firm Zscaler, is a Firefox add-on that detects the presence of Firesheep on your network.
If someone is using Firesheep, BlackSheep will trick it with a fake login cookie. When Firesheep takes BlackSheep's bait and tries to get your user information from a site using the fake values BlackSheep has been sending out, you'll get a warning that Firesheep is operating, as well as the IP address of the person using it.
Unfortunately, BlackSheep is only available for Firefox at the moment. There are other security measures you can use, though. Sebastian has posted a roundup of ways to surf securely with SSL in any browser. Even more recently, someone released a Safari extension to force Facebook to use SSL. As far as direct anti-Firesheep countermeasures go, a Windows app called Fireshepherd can also help you shut Firesheep snoopers down.
If someone is using Firesheep, BlackSheep will trick it with a fake login cookie. When Firesheep takes BlackSheep's bait and tries to get your user information from a site using the fake values BlackSheep has been sending out, you'll get a warning that Firesheep is operating, as well as the IP address of the person using it.
Unfortunately, BlackSheep is only available for Firefox at the moment. There are other security measures you can use, though. Sebastian has posted a roundup of ways to surf securely with SSL in any browser. Even more recently, someone released a Safari extension to force Facebook to use SSL. As far as direct anti-Firesheep countermeasures go, a Windows app called Fireshepherd can also help you shut Firesheep snoopers down.
FireShepherd
A login-cookie-snooping Firefox plug-in called Firesheep
rocked the Internet by letting anyone compromise your Facebook or
Twitter account over a wireless network. Alarmed at Firesheep's 200,000
downloads, an Icelandic engineering student named Gunnar Sigurdsson
created FireShepherd, a program that crashes Firesheep with floods of nonsense packets.
Although Firesheep was originally created to prove a point about insecure login credentials on social networks, the huge number of downloads means that it could be a security risk to everyday users. Sigurdsson compares it to "living in a house with nothing but windows." Of course, security researchers or malicious users could patch up the Firesheep flaw that FireShepherd exploits, but FireShepherd's creator has vowed to keep finding new ways to stop the snooping plug-in.
Although Firesheep was originally created to prove a point about insecure login credentials on social networks, the huge number of downloads means that it could be a security risk to everyday users. Sigurdsson compares it to "living in a house with nothing but windows." Of course, security researchers or malicious users could patch up the Firesheep flaw that FireShepherd exploits, but FireShepherd's creator has vowed to keep finding new ways to stop the snooping plug-in.
No comments:
Post a Comment