Thursday, November 25, 2010

Eliminate the Firesheep Threat with Blacksheep

A few weeks ago, the security community was rocked with the news of the release of a Firefox plugin called "Firesheep". FireSheep, once plugged-in to Firefox, is capable of hijacking sessions of users within a network. It raised a big concern because everyone who uses Facebook, Twitter, Gmail, Yahoo Mail and other web services are fair game if they access their accounts on a "free" and unsecured Wifi hotspot.
In order to minimize the threat posed by Firesheep, security experts recommends the use of other Firefox plug-ins that forces SSL connection to those web services. That holds true up until now. By making sure that there is a secure session between your browser and your favorite web service, Firesheep should not be able to hijack your accounts. Another way to mitigate the threat posed by Firesheep, one may also use a VPN service to make sure that ALL web traffic to and from your computer is encrypted.

But if you want to take things further, you can also install a plug-in called Blacksheep. Blacksheep, like Firesheep is also a Firefox plug-in but instead of hijaking accounts on the network, it detects the presence of Firesheep -- making the user aware that there is a "bad guy" in the vicinity that is trying to do something nasty to other users in the network. Blacksheep, however, can not be installed if Firesheep is already installed because these two plug-ins share a lot of common codes.

Let me just reiterate this: Blacksheep will NOT protect its users from session hijacking done using Firesheep. It will only help users know if someone is doing session hijacking on a network. In order to protect yourselves from the threat posed by Firesheep (and other similar exploits), it is still best to make sure that your web surfing session is secured either by SSL or by using a VPN.

No comments:

Post a Comment