Zscaler develops free tool to detect Firesheep snooping. A security company has developed a free Firefox add-on that warns when someone on the same network is using Firesheep, a tool that has raised alarm over how it simplifies an attack against a long-known weakness in Internet security. Firesheep, which was unveiled at the ToorCon security conference in San Diego October 2010, collects session information that is stored in a Web browser's cookie.
The session information is easily collected if transmitted back and forth between a user's computer and an unencrypted Wi-Fi router while a person is logged into a Web service such as Facebook. While most Web sites encrypt the traffic transmitted when logging into a Web site, indicated by the padlock on browsers, many then revert to passing unencrypted information during the rest of the session, a weakness security analysts have warned of for years, particularly for users of public open Wi-Fi networks. Firesheep identifies that unencrypted traffic and allows an interloper to “hijack” the session, or log into a Web site as the victim, with just a few clicks.
The style of attack has been possible for a long time, but because of its simple design, Firesheep has given less-sophisticated users a powerful hacking tool. Zscaler's The Blacksheep add-on, however, will detect when someone on the same network is using Firesheep, allowing its users to make a more informed security decision about their behavior while on an open Wi-Fi network, for example.
Source: http://www.computerworld.com/s/article/9195398/Zscaler_develops_free_tool_to_dete ct_Firesheep_snooping
No comments:
Post a Comment