New Firefox Plug-in Detects Browser Hijack Attacks
Cloud-based security company "Zscaler" has launched a new Firefox web browser plug-in called "BlackSheep" designed to protect users against a recent browser hijacking tool that allows just about anyone to potentially hijack your web browser session.
Firesheep: A 'Peculiar' Extension
To explain how "BlackSheep" came to be, we need to take a few steps back.
In October of this year, a Firefox plug-in dubbed "Firesheep" was created. It was an extension put together by developer Eric Butler and demonstrated at the Toorcon security conference. The conference is held annually to raise awareness of network security issues. Firesheep's main purpose was to exploit weak transaction security on social networking applications, such as Facebook and Twitter.
Although the plug-in essentially demonstrated how virtually anyone can hack and hijack web browser sessions (albeit in an effort to raise awareness and alter carefree online practices), red flags should have been raised when the program was downloaded more than 100,000 times in the first 24 hours of its release to the public. (Source: yahoo.com)
Firesheep Used by Hackers for Man-In-The-Middle Attack
While Firesheep did serve as a positive inspiration for the creation of the software "Idiocy" (another awareness-raising network security tool), its appeal to those with ulterior motives seemed to prove too great. As Michael Sutton, vice president of security research at Zscaler, put it, "Firesheep garnered considerable attention due to the fact that it makes web browser hijacking exponentially easier and can bring this capability to the masses." (Source: itpro.co.uk)
Web Browser Session Hijacking: As Easy As Point And Click
The attack works much like a "man-in-the-middle" scheme and is not limited to wireless networks: it can be carried out on any network (wired or wireless). The Zscaler website explains in detail how a typical attack would work:
"Session hijacking is nothing new. Web sites typically use SSL [secure] connections for initial login pages, but revert to non-encrypted [pages] for all subsequent communication. As such, while a user's username and password may be protected [and not seen by a hacker using a Firesheep attack], once the [user is] authenticated, any user on the same network can simply sniff network traffic, obtain a user's session ID and then hijack their session for a given website.
Although this has always been a serious risk, especially on insecure networks such as public WiFi hot spots, some degree of technical knowledge was required to accomplish the attack. Firesheep opens such attacks to the masses as it turns session hijacking into a point and click exercise. Unless websites mandate SSL for all traffic on the site, session hijacking will always remain a threat. Fortunately, BlackSheep can be used to let you know if someone is running Firesheep on the same network." (Source: zscaler.com)
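The exposure Zscaler describes can be checked from the site's side. The following is an added example, not code from Zscaler, BlackSheep or Firesheep: given the headers of a login response received over SSL, it lists the cookies a browser would still attach, unencrypted, to a later plain-HTTP request to the same host. The host name, cookie names and values are constructed, and cookie Path/Domain matching is assumed to succeed.

```python
from urllib.parse import urlsplit

def parse_set_cookie(value):
    """Return (cookie name, {lowercased attribute: value}) for one Set-Cookie value."""
    first, *rest = [part.strip() for part in value.split(";")]
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        if key:
            attrs[key.strip().lower()] = val.strip()
    return first.split("=", 1)[0], attrs

def hsts_enabled(headers):
    """True if the response carries Strict-Transport-Security with max-age > 0."""
    for name, value in headers:
        if name.lower() != "strict-transport-security":
            continue
        for directive in value.split(";"):
            key, _, val = directive.strip().partition("=")
            val = val.strip().strip('"')
            if key.strip().lower() == "max-age" and val.isdigit():
                return int(val) > 0
    return False

def cookies_sent_in_clear(login_headers, next_url):
    """Cookies set by an HTTPS login response that a browser would attach,
    unencrypted, to a later request for next_url on the same host."""
    if urlsplit(next_url).scheme != "http":
        return []   # the request itself is encrypted
    if hsts_enabled(login_headers):
        return []   # browser upgrades http:// to https:// before sending
    exposed = []
    for name, value in login_headers:
        if name.lower() == "set-cookie":
            cookie, attrs = parse_set_cookie(value)
            if "secure" not in attrs:   # no Secure flag: sent over plain HTTP too
                exposed.append(cookie)
    return exposed

# Constructed sample login responses (all values are made up).
WEAK = [("Set-Cookie", "session_id=CONSTRUCTED123; Path=/; HttpOnly"),
        ("Set-Cookie", "theme=dark; Path=/")]
SECURE_ONLY = [("Set-Cookie", "session_id=CONSTRUCTED123; Path=/; Secure; HttpOnly"),
               ("Set-Cookie", "theme=dark; Path=/")]
HARDENED = [("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
            ("Set-Cookie", "session_id=CONSTRUCTED123; Path=/; Secure; HttpOnly")]

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("secure-only", SECURE_ONLY), ("hardened", HARDENED)):
        print(label, cookies_sent_in_clear(hdrs, "http://social.example/home"))
```

In the weak case the session cookie is listed even though the login itself was encrypted; marking it Secure and sending Strict-Transport-Security is how a site mandates SSL for all traffic from the browser's point of view.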
Firesheep not on Blacklist
More troubling is the fact that, despite the security threat posed by the extension, Firesheep has not been added to Firefox's add-on blacklist because it does not exploit any security vulnerabilities in the browser itself. While those using Firesheep have been warned that using the extension, particularly for malicious purposes, can violate computer security laws in some countries, these cautionary messages usually fall on deaf ears.
As Julien Sobrier, senior researcher at Zscaler Labs (and developer of the BlackSheep plugin) explains, "BlackSheep leverages much of the Firesheep [programming] code, but the twist is that rather than being used to hijack browsing sessions, it instead detects when a session is being hijacked and alerts the user. Firesheep is essentially used against itself to combat the threat it poses."
Those interested can download the BlackSheep Firefox plug-in by clicking here.