Slashdot Mirror

← Back to Stories (view on slashdot.org)

Firesheep Countermeasure Tool BlackSheep

Posted by CmdrTaco on from the baa-ram-yew dept.

Orome1 writes "Slashdot already covered Firesheep, the Firefox extension that makes it easier to steal logins and take over social media and email accounts after users log in from a WiFi hotspot or even their own unprotected network. Zscaler researchers have created, and are now offering to every consumer, a free Firefox plugin called BlackSheep, which serves as a counter-measure. BlackSheep combats Firesheep by monitoring traffic and then alerting users if Firesheep is being used on the network. BlackSheep does this by dropping 'fake' session ID information on the wire and then monitors traffic to see if it has been hijacked."

3 of 122 comments (clear)

  1. Re:Secure login by marcansoft · · Score: 4, Informative

    Secure login doesn't matter. You need secure everything, or people can just steal your session cookie. That is almost as bad as having your login stolen.

  2. Re:or just use proper security by iammani · · Score: 5, Informative

    Exactly, this is what EFF's Firefox Addon does

  3. Re:So, to clarify... by Barefoot+Monkey · · Score: 4, Informative

    For how long can a session be hijacked anyway? If you close your browser, is the seesion instantly invalidated? Or only after like 5 minutes? I mean, in that case, Blacksheep could scream all it wants, and you'll still be a potential victim even if it warned you and you closed your browser (or tab).

    As long as the hijacker keeps using your session the session will stay alive, even if you close your browser. But if you actually log out of the website then the hijacker gets kicked off too. So if Blacksheep tells you that someone's on your account then log out of Facebook immediately. Or, better yet, check that your email address hasn't been changed while the other guy's been on your account, then log out.