New Tool Protects Users from Firesheep Hackers

A new Firefox add-on has been released to protect users surfing social networks at their local Starbucks or other Wi-Fi landing spot. Does this "BlackSheep" really work, or is it just a wolf in sheep's clothing?

A new Firefox add-on has been released to protect users surfing social networks at their local Starbucks or other Wi-Fi landing spot. Does this “BlackSheep” really work, or is it just a wolf in sheep’s clothing?

Dubbed “BlackSheep,” the user-protection add-on was released today by online security firm Zscaler.

The tool comes in response to “Firesheep,” the Firefox add-on released last month that left users of top social media sites like Twitter and Facebook open to attack by ‘everyday’ hackers. The easily downloadable tool let users just as easily hijack the accounts of users through open Wi-Fi networks.

BlackSheep counters that danger by alerting users when someone on the same network is using Firesheep. The tool uses fake cookie values to make HTTP requests every five minutes to sites monitored by Firesheep. If Firesheep is detected, Blacksheep displays a warning and even supplies the hacker’s IP address.

“We essentially used Firesheep against itself to combat the threat it poses,” said Julien Sobrier, senior researcher at Zscaler Labs and the developer behind BlackSheep.

The company first posted detailed instructions for detecting Firesheep on a network, followed by the release of the free, downloadable tool, BlackSheep.

One consequence of BlackSheep’s success, using the same code base as Firesheep, is that users can’t install Firesheep and Blacksheep on the same computer.

The real solution, proposed by Firesheep creator Eric Butler, is for Web sites to install full, end-to-end HTTPS encryption.

Facebook was the first to admit that can’t yet happen, but at least users now have options.

Protect yourself by not using Wi-Fi networks, to exploring the Firefox add-on “HTTPS Everywhere” from the Electronic Frontier Foundation and, now, BlackSheep.