Remember FireSheep? If you don’t, please read my previous blog entry regarding FireSheep. Thanks to some over-zealous white hat hacker who released a FireFox extension call FireSheep, all open WIFI network aren’t safe anymore. Anyone who knows how to install a FireFox plugin can easily session sidejack your Facebook, Twitter, Dropbox etc etc etc.
The kind folks at Zscaler Security recently released a FireFox plugin call BlackSheep. BlackSheep listens to the network you are connected to and alerts you when it spotted someone in the network using FireSheep.
Sad to say, BlackSheep does not protect you against FireSheep. It only warns you that some jackass on the network is using FireSheep and could possibly be accessing your account already. When that happens, you should log out all your Facebook, Twitter, Foursquare, Dropbox etc etc. I mean manually go to each website and click on the logout button. This is because when you clicked on logout, the session cookies will expire and whoever using FireSheep will not be able to access your account anymore.
What BlackSheep is lacking is a feature to hack into the FireSheep user’s laptop and do some serious damage to his/her computer. I hope some white hat hacker is able to work on that.
Still looking for a temporary solution to this FireSheep problem while waiting for all websites to adopt SSL. I think it’s going to take some time. BlackSheep isn’t a very good solution to the problem. The best solution is something that does not require any action from the end users. In the meantime, my advice to everyone is to avoid using open public WIFI spot. If you must use a open public WIFI, make sure you install HTTPS Everywhere to protect yourself from FireSheep.
Please help spread the message about FireSheep. I don’t know how many people are using FireSheep on Wireless@sg.

Leave a Reply

Your email address will not be published. Required fields are marked *