I’m going to turn myself into … you! That is, if you are logging into Facebook, Google and many other websites over an unsecure wifi connection.
A new Firefox extension called Firesheep is causing quite the uproar. It allows a user to collect cookies transmitted over HTTP on an unsecured WiFi network. The user can then use these cookies to log into any of the accounts.
It allows a person to sit in a coffee shop (or on another open wifi network) and as other patrons of the coffee shop connect to their favorite timesuck websites (while they should be working on finishing an article which is WAY past deadline, for example), Firesheep intercepts the cookies being shared over the HTTP protocol and logs them. Bingo bango, the nefarious coffee shop patron can now log into all the accounts accessed on that WiFi Network while he was running Firesheep. An even more troublesome situation is if the nefarious person lives above the coffee shop.
Eric Butler has stated that he released Firesheep only to provoke websites to use the more secure - albeit slower - HTTPS protocol.
via TechCrunch
