Firesheep is a Firefox plug-in that makes it simple for the average Joe to hack into your account. Basically, if you’re on a network with someone running Firesheep, they will be able to see and probably access your login sessions. This means not only seeing what you’re doing on Facebook and Twitter, but also posting messages to your friends, family, and followers. The developer, Eric Butler, explains it best:
It’s extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable. HTTP session hijacking (sometimes called “sidejacking”) is when an attacker gets a hold of a user’s cookie, allowing them to do anything the user can do on a particular website. On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy.
The most important point to note here is that Firesheep is simply a tool. It only highlights how insecure standard security on the web is. VentureBeat makes an interesting analogy to the whole fun debate: “Guns don’t kill people, people kill people.” The tool itself isn’t the danger.
Packet sniffers have been around for years, but now we can all see just how easy it is for someone to get into our accounts if we use public Wi-Fi or don’t bother to secure our own networks. While The NextWeb offers some hints to avoid getting fleeced by firesheep, Computer World asks if this plug-in is even legal. Check the Firesheep blog for more info and tips on protecting yourself.