A Bear's Face on Mars Blake Lively's New Role Recognizing a Stroke Data Privacy Day Easy Chocolate Cake Recipe Peacock Discount Dead Space Remake Mental Health Exercises
Want CNET to notify you of price drops and the latest stories?
No, thank you

Free Firefox add-ons detect Firesheep snooping

ZScaler's Blacksheep and the Electronic Frontier Foundation's HTTPS Everywhere extensions for Firefox alert you when someone is using Firesheep to capture your sign-in information.

Every wireless-network user should know the perils of signing into a Web service over an unencrypted connection. Elinor Mills explains the perils of using open Wi-Fi networks in her InSecurity Complex blog.

The safest approach is to enter user IDs and passwords only when the page's address begins with "https://" and it has a lock icon at the top or bottom of the browser window. Otherwise a network snoop could monitor your actions without your knowledge. Note that the lock icon may have an exclamation mark even though the page address begins with "https:". This indicates that some of the current page's content could not be authenticated.

Facebook, Twitter, WordPress, and other popular Web services still don't encrypt their sign-in pages. The recent release of the Firesheep add-on for Firefox makes capturing user sign-in data easier than ever. Firesheep's author Eric Butler claims he was motivated to release the malware by the failure of Web services to safeguard user sign-in data. Evelyn Rusli looks deeper into the matter on TechCrunch.

Two free Firefox add-ons detect and prevent Firesheep from snooping your sign-in data: Zscaler's Blacksheep and the Electronic Frontier Foundation's HTTPS Everywhere.

Blacksheep turns Firesheep against itself
Last August, I described Zscaler's Search Engine Security (SES) Firefox add-on designed to protect against malware-bearing search results. The company has responded to the security threat posed by Firesheep by creating a Firefox add-on that uses much of Firesheep's own code to alert users to the presence of the malware when they sign into an unencrypted network.

Zscaler Blacksheep add-on for Firefox
Zscaler's Blacksheep add-on for Firefox mimics Firesheep's network polling--using fake data--and reports when it detects Firesheep doing likewise. Zscaler Research

I haven't tested Blacksheep, but the add-on has been criticized for defending against only Firesheep and not other so-called sidejacking attempts. HTTPS Everywhere, which EFF developed in conjunction with the Tor Project, attempts to encrypt all communication with the site, although some content delivered by the site will likely remain unencrypted.

Secure unencrypted network connections with VPN
The best way to avoid having your private data siphoned from an unencrypted wireless network is not to use such networks. Your second-best bet is to use a virtual private network (VPN) connection, which you can establish by using a product such as LogMeIn Hamachi. The program is free for noncommercial use and $33 a month or $199 a year for a business license.

VPNs will likely slow your connection, but a little longer wait for page loads is a small price to pay for the added security VPNs provide. For more information on creating and using a VPN, see Jolie O'Dell's instructions on Mashable. Other popular encryption products include the free, open-source TrueCrypt and the free but not open-source UltraVPN.