Firesheep is a Firefox extension by developer Eric Butler which exposes the soft underbelly of the web by letting you eavesdrop on any open Wi-Fi network and capture users’ cookies.
This is how it works. If a site is not secure, it keeps track of you through a cookie (more formally referenced as a session) which contains identifying information for that website. The tool effectively grabs these cookies and lets you pose as the user. This particular vulnerability is accessible only on an open Wi-Fi network connection. So, you need not press the panic button unless you are using an open Wi-Fi. In case you are on one of those free open Wi-Fi networks on a train or a coffee shop, anyone can swiftly access some of your most private, personal information and correspondence at the click of a button. And you will have no idea. Related Read: Difference between Hacking & Hijacking At the time of writing this post, more than 3000 people have downloaded the plugin, which was released less than 2 hours back. Whoa! We must note that the intention of Eric Butler (and ours too) is to expose the severe lack of security on the web. Looking at this, all those rants about Facebook Privacy (or the lack of it) and the likes seem minuscule. Note: If you are of the geeky types, it is more than worthy to follow the conversation on Hacker news. Update: TechCrunch suggests users to install Force-TLS addon for Firefox to circumvent this issue by forcing those sites to use the HTTPS protocol, therefore making user cookies invisible to Firesheep. [via]TechCrunch
