|We covered the recent release of FireSheep, a Firefox plugin that easily allowed the hijacking of user sessions for popular websites such as Facebook. Although this plugin was intended to raise awareness of a vulnerability in the authentication system used by a large percentage of websites, it has widely been seen as a nuisance and dangerous piece of software. By making a somewhat technical process easy to use, it allows malicious users to gain unauthorized access in a way that they may not have previously been technically adept to do. Fortunately, BlackSheep has arrived to save the day; but what protections does it offer?
As outlined in more detail by Michael Coates on DevWebPro, FireSheep utilizes a program called Winpcap that sniffs the unsecured network for session identifiers. With these session identifiers, FireSheep can pretend to be the user who actually belongs to the stolen session identifier, and thus gains access to the particular website. BlackSheep utilizes the same Winpcap tool. However, BlackSheep instead seeks out evidence of a FireSheep sniffer. Upon finding this evidence, BlackSheep notifies you that there is a FireSheep user on the network.