Early this week a Firefox addon named Firesheep took the Internet by storm by letting anybody, practically anybody, to get into your Facebook, Twitter, Google and any number of online accounts over an unsecure wireless network.
Although Firesheep was developed to prove a point and generate awareness about the unsecure user login practices by social networks, and virtually every small and big sites, the huge number of downloads (200,000 in a few days) is a worrying factor.
Users aware of the problem can protect themselves by forcing HTTPS connection on all compromised sites. But what about others who are not aware of the problem? The 500 million Facebook users can hardly be called Internet savvy.
Gunnar Atli Sigurdsson, a 21-year old electrical engineering student at the University of Iceland, has come up with a solution, that lets anybody protect their fellow users from getting screwed by a Firesheep user. Sigurdsson has designed a tool called FireShepherd that runs on a user’s desktop and periodically jams the local wireless network with a string of junk characters that can instantly crash Firesheep when the snooping program reads them.
By default, those jamming signals are broadcast every 400 milliseconds but the user can adjust interval.
Since Fireshepherd uses a vulnerability in Firesheep, someone may soon create a patch for the open-source program that nullifies Sigurdsson’s jamming technique. But if that happens, he says he’ll search out another vulnerability and update the tool. “Programs usually have more than one bug,” he says.