By now, most people are aware (if not, now you are) of the FireFox plugin, FireSheep, which takes advantage of session and cookie hijacking to see other Facebook users on the same network. This plugin was designed to bring attention to the lack of security revolving around Facebook. In general, when you login to a website, your credentials are checked against a database. If a matching detailst is found, you are usually given a cookie that will handle all subsequent requests which make it so that you do not have to log in every time you do anything that requires authentication. It’s almost a given these days that websites are encrypting your credentials upon initial login. However, what is surprisingly not common is to see them encrypt everything else, which leaves the cookie, and of course the user, vulnerable.
In light of the appearance of FireSheep, a new plugin has emerged, BlackSheep. This new plugin is designed to drop fake session ID information on the wire, and monitors traffic to see if it has been hijacked. Once detected, the plugin will alert the user with the below message.
BlackSheep cannot block someone from using FireSheep, it simply alerts you that someone is using it on the network. Having been alerted, it’d probably be a good idea to not use websites that require authentication. The next time you are sitting at your local coffee shop using the free Wi-Fi, just remember that someone might be using your free information.
If you are wanting to play around with these plugins you can find the download links below. Be mindful that you cannot have both plugins installed in the same instance of FireFox due to similar code bases in each. You will need to use separate profiles or installs to have both active.