Protecting Yourself From Firesheep

A: Firesheep, a free extension for Firefox that was released a few weeks ago, bills itself as a tool designed to expose networks that leave information unencrypted, thereby failing to protect users who access said networks. By explosing the security flaws, though, Firesheep has made amateur hacking as easy as following a few simple steps. And that's why the extension has been getting a lot of attention.

"Any time you use a free public Wi-Fi hook up -- such as those you find at Starbucks and many airports -- your risk of having someone sitting nearby commandeer your session is imminent," USA Today explained. "That's because most free Wi-Fi hook ups are unencrypted."

A new extension, BlackSheep, promises to alert you whenever your information is comprised because of a Firesheep user. Built using the same open-source code that runs Firesheep, BlackSheep generates fake traffic on your network every X minutes (configurable) to hunt out Firesheep. If it detects a Firesheep user, BlackSheep adds a warning to your open browser tab and will also note the IP address. BlackSheep's notification doesn't protect you, but it will tell you when to disconnect from the network you're on. Also, it doesn't notify you of any hackers using different programs to access your information through the network. But, as Firesheep has grown in popularity since its release, especially among users without the skills to hack using a different program or code, adding the extension to your browser couldn't hurt.

Tools mentioned in this entry:

More questions? View the complete Toolkit archive.