photo © 2005 Peter Shanks | more info(via: Wylio)Eric Butler’s Firefox browser extension Firesheep took the Internet cafe world by storm a couple weeks ago when we and others wrote about the controversial plugin that compromises your social networking connection data. While many people have come up with solutions that involve forcing sites to use HTTPS, Zscaler Security has just released a countermeasure called BlackSheep, which actually detects when Firesheep is hijacking your session.
Firesheep accesses your Facebook, Foursquare, Twitter and other logins through cookies — Blacksheep subverts this by tricking Firesheep with a fake login cookie and alerting the user when Firesheep is detected, displaying the IP address of the person using it (see below), and warning the user to log off.
BlackSheep is currently the only available solution that attempts to pit Firesheep against itself. “BlackSheep leverages much of the Firesheep code, but the twist is that rather than being used to hijack sessions, it instead detects when a session is being hijacked and alerts the user,” says BlackSheep developer Julien Sobrier.
And because BlackSheep and Firesheep use much of the same code, you can’t run them both in the same Firefox session. But why would you want to do that?
You can download BlackSheep here.
And learn more about Firesheep in the video below.