Zscaler Creates Free Tool That Allows Consumers To Protect Against Firesheep Security Threat

Author: SySAdmin
Posted: November 8, 2010

BlackSheep alerts users if sessions are hijacked after logging in to a social network or email; The Firefox plugin can be downloaded from http://www.zscaler.com/blacksheep.html

SUNNYVALE, Calif., Nov. 8, 2010 /PRNewswire/ -- Zscaler today released BlackSheep, a free Firefox plugin that consumers can download from http://www.zscaler.com/blacksheep.html to obtain immediate protection against the highly-publicized "Firesheep" security threat.

Firesheep enables others to surreptitiously "hijack" your user session, without your knowledge or consent, after you log in to Gmail or popular social networks such as Facebook and Twitter. Recently released by developer Eric Butler at the Toorcon security conference in October, Firesheep was downloaded over 100,000 times in the first 24 hours alone. Because it is also offered as a free Firefox plugin, Firesheep can be obtained by anybody, letting them listen passively on a network to obtain session information on users logged in to over two dozen popular websites. All a Firesheep user needs to do is click on a newly captured session to be effectively logged in with your credentials (username and password). Because it's so easy, the likelihood of it being misused for wrongdoing or attacks on consumers is high.

By design, BlackSheep is a countermeasure to Firesheep to help consumers combat this threat and avoid falling victim, and it's the only protection mechanism that exists to date. Given the popularity and rapid growth of Firesheep, BlackSheep can provide peace of mind to users on shared WiFi, home or corporate networks. Once downloaded, it displays a warning when Firesheep is detected.

"We essentially used Firesheep against itself to combat the threat it poses," said Julien Sobrier, senior researcher at Zscaler Labs and developer of the new BlackSheep plugin. "In fact, BlackSheep leverages much of the Firesheep code, but the twist is that rather than being used to hijack sessions, it instead detects when a session is being hijacked and alerts the user." Once users become aware that they have a "visitor", they should log out immediately and stop using the network, he advises.

Michael Sutton, VP of Security Research, said: "While session hijacking is not a new form of attack, Firesheep has garnered considerable attention due to the fact that it makes session hijacking exponentially easier and can bring this capability to the masses. Any person capable of running a Firefox plugin can now access private data. At least now, with BlackSheep, people can be alerted when they're at risk."

BlackSheep is freely available to everyone and can be downloaded from http://www.zscaler.com/blacksheep.html.

About Zscaler

Through a multi-tenant, globally-deployed infrastructure with 40+ data centers, Zscaler enforces business policy for web and email, mitigates risk and provides twice the functionality at a fraction of the cost of current solutions. It enables organizations to provide the right access to the right users, from any place and on any device. For more information, visit us at http://www.zscaler.com.

    Press Contacts
    Paula Dunne, Press Relations
    Office: +1-408-776-1400, Mobile: +1-408-893-8750
    Paula.Dunne@zscaler.com

Zscaler®, and the Zscaler Logo are trademarks of Zscaler, Inc. in the United States. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.

SOURCE  Zscaler

CONTACT: Paula Dunne, Press Relations of Zscaler, +1-408-776-1400, Mobile, +1-408-893-8750, Paula.Dunne@zscaler.com

Web Site: http://www.zscaler.com
