Feeds

Firefox extension detects FireSheep snoop software

Unleash the BlackSheep

Top 5 reasons to deploy VMware with Tegile

Researchers from security firm Zscaler have published free software that detects when users' web connections are being monitored by a controversial tool that steals log-in credentials from Facebook, Google and dozens of other websites.

Dubbed BlackSheep, the Firefox extension alerts users when computers on a local area network are using FireSheep to steal unencrypted cookies the websites use to grant users access to their account pages. When BlackSheep detects the snoop software in a hotspot or other open Wi-Fi network, it displays a message that reads “Somebody is using FireSheep on this network.” It then displays the LAN IP address of the offending party.

BlackSheep's release comes two weeks after security researcher Eric Butler published FireSheep in an attempt to expose the bovid practices of Facebook and other websites that don't bother to encrypt session cookies used to authenticate their users. With the exception of Twitter and a handful of Google services, few popular websites offer the end-to-end encryption needed to foil such attacks, a shortcoming that seemed to be lost on the masses until FireSheep made it easy to exploit the weakness.

FireSheep listens to web traffic for instances when users on an unsecured network log in to known websites such as Facebook, Google, and Yahoo. Although such websites encrypt the login name and password entered by the user, most send the corresponding session cookie in the clear, making it easy for people performing man-in-the-middle attacks to appropriate them and use them to access the user's account.

FireSheep had been downloaded 659,620 times at time of writing, according to figures supplied by Butler.

BlackSheep, which is based on the FireSheep source code, works by broadcasting fake session IDs over the network and then monitoring to see if other machines use them to sign in. By default, it checks a network every five minutes, but can be configured to send out faux cookies more or less frequently as preferred by the user. Zscaler has more information here.

Since FireSheep's release, Microsoft appears to have added detection for it to its antivirus software. This seems like a reactionary and futile move on the part of Microsoft, since detecting the snoop software will in no way protect users from the underlying vulnerability. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

10 ways wire data helps conquer IT complexity
IT teams can automatically detect problems across the IT environment, spot data theft, select unique pieces of transaction payloads to send to a data source, and more.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.