Advertisement

Firesheep makes stealing your cookies, accessing your Facebook account laughably easy

A software developer called Eric Butler doesn't just want to make you aware of the lax security of most social networking sites, he wants to force you to do something about it! To that end, he's developed Firesheep, a Firefox add-on that even the least technically inclined among us can use to eavesdrop on open WiFi networks and capture your fellow users' cookies. Any time a site recognized by Firesheep (including Twitter, Flickr, Facebook, and Dropbox) is accessed by a user on your network, Firesheep provides you with an icon and a link to access that account. Sure, had these sites used SSL to begin with this would be nigh in impossible; but they don't, so it is possible. And easy! And fun! Keep in mind, we're not suggesting that you give this a try yourself (far from it!) but we do hope you look into the larger issues involved here, and take the appropriate steps to force sites to use SSL, and protect yourself in the process (we hear that HTTPS Everywhere and Force-TLS are good places to start). Because, really -- Internet security is enough of a problem without giving everybody at the Coffee Bean your Facebook credentials.