I wrote about a Firefox extension, FireSheep, that could let someone else on the same public WiFi connection as you could log into your social networking accounts.
Eric Butler released Fire Sheep download with a good intention to show the seriousness of how lax the login procedures are for most of the popular social networking websites.
However, it makes it so easy for someone with bad intentions to sit in a public space and log into someone else’s account.
ZScalar Security has released an effective countermeasure with a Firefox add-on called BlackSheep. It detects and warns you if your session is being hijacked by FireSheep.
FireSheep can access your Facebook, Twitter, FourSquare and other logins through cookies. BlackSheep counters this by providing FireSheep fake login cookie and alerts the user when Fire Sheep firefox is detected by displaying the IP address of the person using FireSheep and alerts you to log off.
Julien Sobrier, the developer of BlackSheep, says
BlackSheep leverages much of the FireSheep code, but the twist is that rather than being used to hijack sessions, it instead detects when a session is being hijacked and alerts the user.
If you haven’t protected yourself with solutions that force some websites to use HTTPS protocol for login, BlackSheep is an effective countermeasure at the moment.
You can learn more about this potentially dangerous extension here – What is Firesheep?
Sounds like a great plugin for people who love the thrill of knowing they’ve just been screwed. Why would you use this and not one of the security plugins to keep your session from being jacked in the first place?