Next week I’ll be out in New Orleans at SC10, and every year at SuperComputing they have a high-speed network available for all attendees, and along with it a huge display of all the passwords they’ve managed to sniff out of unencrypted connections (FTP, telnet, insecure HTTP).  This year, they’ll have some new competition thanks to the popular ‘Firesheep’ extension making the rounds.  If you want to make sure you don’t fall victim to a Firesheep user (and I almost guarantee there will be someone there using it), then check out the new BlackSheep extension.

BlackSheep does this by dropping ‘fake’ session ID information on the wire and then monitors traffic to see if it has been hijacked. While Firesheep is largely passive, once it identifies session information for a targeted domain, it then makes a subsequent request to that same domain, using the hijacked session information in order to obtain the name of the hijacked user along with an image of the person, if available. It is this request that BlackSheep identifies in order to detect the presence of Firesheep on the network.
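The honeytoken idea described above, as an added example that is not BlackSheep’s own code: plant a fake session cookie for a watched domain, then flag any other host on the network that replays that cookie value to the same domain. The domain, IP addresses and sniffed requests are constructed, and the code assumes captured HTTP requests have already been reduced to source IP, Host header and Cookie header.

```python
"""Honeytoken-style detection of session hijacking, modelled on the
BlackSheep approach: plant a fake session cookie for a watched domain,
then watch the wire for anyone else replaying that cookie value."""
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Canary:
    domain: str       # site the fake session pretends to belong to
    cookie_name: str  # name of the site's session cookie (placeholder here)
    value: str        # random token nobody else could know


def plant_canary(domain: str, cookie_name: str = "session_id") -> Canary:
    """Create a fake session cookie; the caller sends it to `domain` over plain HTTP."""
    return Canary(domain, cookie_name, secrets.token_hex(16))


def parse_cookies(header: str) -> dict:
    """Parse a raw Cookie header ('a=1; b=2') into a dict."""
    cookies = {}
    for part in header.split(";"):
        if "=" in part:
            name, _, value = part.strip().partition("=")
            cookies[name] = value
    return cookies


def detect_hijacks(canary: Canary, own_ip: str, requests: list) -> list:
    """Return (src_ip, host) pairs for requests that replayed our canary cookie.
    `requests` are sniffed HTTP requests as dicts with src_ip, host and cookie."""
    alerts = []
    for req in requests:
        if req["host"] != canary.domain or req["src_ip"] == own_ip:
            continue  # wrong site, or our own bait request
        if parse_cookies(req.get("cookie", "")).get(canary.cookie_name) == canary.value:
            alerts.append((req["src_ip"], req["host"]))
    return alerts


# Constructed sample traffic (not real captures): our own bait request,
# one innocent client, and one host replaying the bait cookie.
CANARY = Canary("www.example.com", "session_id", "deadbeef" * 4)
SAMPLE_REQUESTS = [
    {"src_ip": "192.168.1.10", "host": "www.example.com", "cookie": "session_id=" + CANARY.value},
    {"src_ip": "192.168.1.42", "host": "www.example.com", "cookie": "session_id=abc123; lang=en"},
    {"src_ip": "192.168.1.77", "host": "www.example.com", "cookie": "lang=en; session_id=" + CANARY.value},
]

if __name__ == "__main__":
    for ip, host in detect_hijacks(CANARY, "192.168.1.10", SAMPLE_REQUESTS):
        print(f"ALERT: {ip} replayed our fake session for {host}")
```

As the post notes, this only tells you a hijack has already happened; it is a tripwire, not a protection.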

Of course, BlackSheep won’t actually protect you, just warn you (at which point, it’s probably too late).  The only real solutions?

  • Don’t use Wi-Fi; use a cellular modem instead
  • Use only encrypted services (SSH and HTTPS)
  • My personal favorite: use a VPN

And now you know... and knowing is half the battle!

via Zscaler Cloud Security : SaaS Web Security, Web Security, URL Filtering, Internet Security.
