With more than 600,000 copies of the FireSheep browser plug-in downloaded in a matter of weeks, Web security firm zScaler have released a new Firefox plug-in, BlackSheep, in hopes of combating attempts by those using FireSheep to try to hijack their Web session.
The new tool is just the latest attempt to protect Web users on unencrypted wireless networks against prying eyes. An earlier release, FireShepherd, attempts to disrupt FireSheep’s attempts to listen in on insecure Web sessions.
ZScaler’s plug-in works in a different way: monitoring insecure networks for the telltale signs of the FireSheep application, then alerting users when Firesheep is being used to hijack their Web sessions. Once Firesheep is identified, BlackSheep will notify users and advise them to log out and stop their network connection.
Firesheep, unveiled at Toorcon last month, gives users an easy interface to hijack others’ social networking sessions via unsafe wireless connections. The tool has gotten its fair share of scrutiny in the last few weeks, with downloads approaching three quarters of a million. Still, Eric Butler, one of the plug-ins two creators, defends his work from criticism, saying it has helped to accelerate discussions about implementing more security on social networks and other burgeoning Web applications.