There has been a lot of buzz about a Firefox add-on named Firesheep. I have kind of ignored the topic for some time, but after getting a few emails from Firefox users asking what it is about – I thought it might be time to shed some light on the topic – so that all Firefox users know it is out there. Firesheep snoops fro cookies, and then allows others to log into websites as you if you are browsing on an open wireless network.
Mozilla has said it would not (or could not) put in a kill switch to disable the Firesheep add-on from stealing log-on and account access information to Facebook, Twitter and other major website services out there. The reason for this is because it does not exploit a vulnerability in Firefox – it exploits a whole in a number of popular websites instead.
So what you can do to protect yourself, if you often browse from an open wireless network? Download Squad has put together a great guide on how to defend against Firesheep by surfing securely with HTTPS. Sebastian has done a great job at giving you all the details you need to know there.
Now, before you go searching for Firesheep on your own – let me warn you. While downloading Firesheep and Firesheep itself is not illegal, using Firesheep to login as somebody else (so the process of using the add-on) is illegal under US law.
Hopefully the attention this add-on has drawn will create enough buzz to get some of the biggest websites out there today to fix this hole and better protect their users.