Last month Seattle programmer Eric Butler exposed the weaknesses of open Wi-Fi networks with his Firesheep add-on for FireFox. The program intercepts browser cookies to identify users and allows anyone running it to log into sites such as Facebook and Twitter as the legitimate user. While Butler wanted to encourage the use of HTTPS to combat such vulnerabilities, users can now combat Firesheep with another Firefox add-on – BlackSheep.
Developed by researchers at Zscaler, BlackSheep works by continually dropping "fake" session ID information onto the wire and monitoring traffic for another IP address re-submitting this same information to see if it has been hijacked. If it detects the presence of Firesheep on the network, it alerts the user with a warning and the IP address of the person using it so they can log off and seek out more secure surroundings.
UPGRADE TO NEW ATLAS PLUS
More than 1,500 New Atlas Plus subscribers directly support our journalism, and get access to our premium ad-free site and email newsletter. Join them for just US$19 a year.UPGRADE
Because BlackSheep shares much of the same code base as Firesheep, the two add-ons cannot be installed on the same Firefox instance. If users want to run both on the same machine they will need to install them in different Firefox profiles.
The BlackSheep add-on is available as a free download for Mac OS X and Windows XP or later systems from Zscaler.View gallery - 2 images