Get Firesheep! Hack everything the whole internet to bits!
WARNING! All unsecured HTTP sites (including Facebook, Twitter, Foursquare and loads of very popular web destinations) have an underbelly softer than a mouse's ear.
A developer called Eric Butler has decided to expose it for us all to see with his new Firefox extension, Firesheep, which lets you essentially eavesdrop on any open Wi-Fi network and capture users’ cookies.
Butler explains: “As soon as anyone on the network visits an insecure website known to Firesheep, their name and photo will be displayed.”
All you have to do is double-click in the window which shows a person's details and you'll be able to log into that user’s site with their credentials.
So basically, any time you use an open Wi-Fi connection, there's now a good chance that someone can access some of your most private, personal information and correspondence (start deleting your dirty direct messages now, eh?).
Basically, if a site is not secure, it keeps track of you through a cookie which contains identifying information for that website. Firesheep grabs these cookies off the network and lets you pretend to be the user they belong to. Astonishing stuff really.
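For site operators, the exposure described above comes down to session cookies travelling over unencrypted HTTP. The following is an added example, not code from Firesheep or from Butler: a small audit that flags session cookies set without the Secure attribute and responses without an HSTS header. The cookie names and response headers are constructed sample data.

```python
# Added example: check response headers for the two settings that keep a
# session cookie off unencrypted connections (Secure attribute, HSTS).

# Constructed sample response headers, not captured from any real site.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "auth=def456; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "theme=dark; Path=/"),
]

# Assumption: the names of the cookies that carry the login session.
SESSION_COOKIES = {"session_id", "auth"}


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, set of lowercase attribute names)."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    return name, attrs


def audit(headers, session_names):
    """Return a list of findings that leave the session readable on open Wi-Fi."""
    findings = []
    # Without HSTS the browser may still make a first request over plain HTTP.
    if not any(k.lower() == "strict-transport-security" for k, _ in headers):
        findings.append("response: no Strict-Transport-Security header")
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        # Only cookies that identify the logged-in user matter here.
        if name in session_names and "secure" not in attrs:
            findings.append(f"{name}: no Secure attribute, sent over plain HTTP")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_HEADERS, SESSION_COOKIES):
        print(finding)
```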
If you're not particularly worried about someone mucking around with your social networking profiles, then maybe you'll be more concerned about the fact that this extension can also work with things like Amazon and WordPress. And that’s just through the default setting. If you're savvy enough, you can write your own plugins and start hacking away at other stuff.
Butler says that he created this unsavoury tool to expose the lack of security on the web.
“Websites have a responsibility to protect the people who depend on their services. They’ve been ignoring this responsibility for too long, and it’s time for everyone to demand a more secure web. My hope is that Firesheep will help the users win,” Butler says.
It seems there's not much you can do to prevent sessions getting hijacked, so as a user, the lesson here is that you shouldn't log in on an open network (unless you use a VPN), as it leaves you wide open for someone to start delving into your private data.
You've been warned.