Sunnyvale, California, November 8, 2010
Zscaler today released BlackSheep, a free Firefox plugin that consumers can download from https://www.zscaler.com/tools/blacksheep to obtain immediate protection against the highly-publicized “Firesheep” security threat.
Firesheep enables others to surreptitiously “hijack” your user session, without your knowledge or consent, after you log in to Gmail or popular social networks such as Facebook and Twitter. Recently released by developer Eric Butler at the Toorcon security conference in October, Firesheep was downloaded over 100,000 times in the first 24 hours alone. Because it is also offered as a free Firefox plugin, Firesheep can be obtained by anybody, letting them listen passively on a network to obtain session information on users logged in to over two dozen popular websites. All a Firesheep user needs to do is click on a newly captured session to be effectively logged in with your credentials (username and password). Because it’s so easy, the likelihood of it being misused for wrong-doing or attacks on consumers is high.
By design, BlackSheep is a countermeasure to Firesheep to help consumers combat this threat and avoid falling victim - it’s currently the only protection mechanism that exists to date. Given the popularity and rapid growth of Firesheep, BlackSheep can provide peace of mind to users on shared WiFi, home, or corporate networks. Once downloaded, it displays a warning when Firesheep is detected.
“We essentially used Firesheep against itself to combat the threat it poses,” said Julien Sobrier, senior researcher at Zscaler Labs and developer of the new BlackSheep plugin. “In fact, BlackSheep leverages much of the Firesheep code, but the twist is that rather than being used to hijack sessions, it instead detects when a session is being hijacked and alerts the user.” Once the user becomes aware that they have a “visitor” they are advised to log out immediately and stop using the network, he advises.
Michael Sutton, VP of Security Research, said: "While session hijacking is not a new form of attack, Firesheep has garnered considerable attention due to the fact that it makes session hijacking exponentially easier and can bring this capability to the masses. Any person capable of running a Firefox plugin can now access private data. At least now, with BlackSheep, people can be alerted when they’re at risk."
BlackSheep is freely available to everyone and can be downloaded from https://www.zscaler.com/tools/blacksheep.
Zscaler is revolutionizing Internet security with the industry’s first Security as a Service platform. As the most innovative firm in the $35 billion security market, Zscaler is used by more than 5,000 leading organizations, including 50 of the Fortune 500. Zscaler ensures that more than 15 million users worldwide are protected against cyber attacks and data breaches while staying fully compliant with corporate and regulatory policies.
Zscaler is a Gartner Magic Quadrant leader for Secure Web Gateways and delivers a safe and productive Internet experience for every user, from any device and from any location — 100% in the cloud. With its multi-tenant, distributed cloud security platform, Zscaler effectively moves security into the internet backbone, operating in more than 100 data centers around the world and enabling organizations to fully leverage the promise of cloud and mobile computing with unparalleled and uncompromising protection and performance. Zscaler delivers unified, carrier-grade internet security, next generation firewall, web security, sandboxing/advanced persistent threat (APT) protection, data loss prevention, SSL inspection, traffic shaping, policy management and threat intelligence—all without the need for on-premise hardware, appliances or software. To learn more, visit us at www.zscaler.com.
- Zscaler Security Research
- Zscaler Security as a Service
- Award-winning Web Security
- World’s First Next Generation Cloud Firewall
- Sandboxing and Behavioral Analysis
Director of Communications