By now, you’ve probably heard of Firesheep, the Firefox plugin that makes it trivial for someone on an unsecured WiFi network to hack user login info for many other social networks. Yesterday, ZScaler Security released BlackSheep, a Firefox plugin to alert you if someone is using Firesheep on your network. This is promising, but can also lull you into a false sense of security.
BlackSheep is based upon the Firesheep source code, and reuses the same network listening backend, as well as the same list of sites and corresponding cookies. The problem is that Firesheep was but one way (albeit the easiest way) for someone to exploit you on an unsecured wireless network. There is nothing in the description of BlackSheep to suggest that it will protect you from other types of hacking attempts.
The real way to stay safe on a public WiFi network? Connect only to secure networks (in which case even other people on the same network can’t hijack your traffic), connect only to HTTPS sites, or connect via a VPN.
So . . . fess up- have any of you tried Firesheep, or seen it in action? Or maybe you have a horror story about being hacked? Let us know in the comments.
Tony says:
Yes, I confess. I used Firesheep. And it worked. Shame on me.
Interestingly, it doesn’t seem to work anymore for me. It just gives me an error message. I learned my lesson.
November 9, 2010 — 11:02 pm
Evan Kline says:
Reported . . . ;)
November 11, 2010 — 1:23 pm