Slashdot Mirror


Firesheep Countermeasure Tool BlackSheep

Orome1 writes "Slashdot already covered Firesheep, the Firefox extension that makes it easier to steal logins and take over social media and email accounts after users log in from a WiFi hotspot or even their own unprotected network. Zscaler researchers have created, and are now offering to every consumer, a free Firefox plugin called BlackSheep, which serves as a counter-measure. BlackSheep combats Firesheep by monitoring traffic and then alerting users if Firesheep is being used on the network. BlackSheep does this by dropping 'fake' session ID information on the wire and then monitoring traffic to see if it has been hijacked."

8 of 122 comments

  1. Re:Secure login by marcansoft · Score: 4, Informative

    Secure login doesn't matter. You need secure everything, or people can just steal your session cookie. That is almost as bad as having your login stolen.

  2. Re:Secure login by SgtKeeling · Score: 3, Informative

    Most email and social network sites do use a secure login, but it's not logging in that's the issue. After you've logged in securely, your session information keeps getting sent back and forth over regular http, instead of https, and there is enough information in there for Firesheep to impersonate you.

  3. Re:or just use proper security by iammani · Score: 5, Informative

    Exactly, this is what EFF's Firefox Addon does.

  4. Re:Secure login by AdamsGuitar · Score: 3, Informative

    The issue with Firesheep is session hijacking, not theft of login and password information.

  5. Re:So, to clarify... by Barefoot+Monkey · Score: 4, Informative

    For how long can a session be hijacked anyway? If you close your browser, is the session instantly invalidated? Or only after like 5 minutes? I mean, in that case, Blacksheep could scream all it wants, and you'll still be a potential victim even if it warned you and you closed your browser (or tab).

    As long as the hijacker keeps using your session the session will stay alive, even if you close your browser. But if you actually log out of the website then the hijacker gets kicked off too. So if Blacksheep tells you that someone's on your account then log out of Facebook immediately. Or, better yet, check that your email address hasn't been changed while the other guy's been on your account, then log out.
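The session lifecycle the comment above describes, modelled as an added example (this is not code from the thread, from BlackSheep or from any site mentioned): a hypothetical server-side session store with a sliding idle timeout, where any request (the hijacker's included) keeps the session alive, closing the browser changes nothing server-side, and logging out deletes the entry so the stolen copy of the cookie stops working too.

```python
import secrets

IDLE_TIMEOUT = 30 * 60  # seconds a session survives without any request


class SessionStore:
    """In-memory session table keyed by the opaque cookie value (hypothetical)."""

    def __init__(self, clock):
        self.clock = clock   # injectable clock so the scenario can move time
        self._sessions = {}  # sid -> {"user": ..., "last_seen": ...}

    def login(self, user):
        # The random id is all a hijacker needs, so it must only travel over TLS.
        sid = secrets.token_urlsafe(16)
        self._sessions[sid] = {"user": user, "last_seen": self.clock()}
        return sid

    def lookup(self, sid):
        # Any use slides the idle timer: a replayed cookie keeps the session
        # alive even after the victim has closed the browser.
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        if self.clock() - entry["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[sid]
            return None
        entry["last_seen"] = self.clock()
        return entry["user"]

    def logout(self, sid):
        # Deleting the entry rejects every holder of the cookie, victim and hijacker.
        self._sessions.pop(sid, None)


def set_cookie_header(sid):
    # Secure keeps the id off plain http; HttpOnly keeps it away from scripts.
    return f"Set-Cookie: sid={sid}; Secure; HttpOnly; Path=/"


def simulate_hijack():
    """Hijacker replays the cookie every 10 min for 2 h, then the victim logs out."""
    now = [1_000_000.0]
    store = SessionStore(clock=lambda: now[0])
    sid = store.login("alice")
    for _ in range(12):          # closing the browser changes nothing server-side
        now[0] += 10 * 60
        assert store.lookup(sid) == "alice"
    alive_before = store.lookup(sid) is not None
    store.logout(sid)            # victim logs out from another device
    alive_after = store.lookup(sid) is not None
    return alive_before, alive_after
```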

  6. Re:or just use proper security by iammani · Score: 3, Informative

    Mmm neat, but force-tls is not helpful for wikipedia (and other similar sites), that need mapping from en.wikipedia.org/wiki/Google to secure.wikimedia.org/wikipedia/en/wiki/Google.

  7. Re:or just use proper security by iammani · Score: 3, Informative

    Mmm I have not pasted the link properly... EFF's plugin can map automatically from http://en.wikipedia.org/wiki/Google to https://secure.wikimedia.org/wikipedia/en/wiki/Google. It is not possible with force-tls.

  8. Re:or just use proper security by iammani · Score: 3, Informative

    Spot-on, Force-tls actually prevents DNS spoofing attacks and nothing more. Say you try to visit http://www.bankofamerica.com/ from starbucks, someone might spoof the dns and redirect you to their own page rather than https://www.bankofamerica.com/ . Force-tls prevents this by not requesting the http page and directly requesting the secure page (it knows for what pages it has to request using https by remembering the last time you visited the site (to be more specific, whether the site had sent an X-Force-TLS header when you had visited them before)).