Firesheep extension shows just how vulnerable open wifi networks are

Firesheep is something that has been popping up around the place for a few days - I thought I'd share it here for the uninformed, or at least, if you didn't know - pass the news on to someone you know who uses unsecure Wi-Fi.



The above picture shows what it would look like - allowing you to login as another person on the open wifi network.

A Seattle based programmer, Eric Butler has released an extension for Firefox which shows you a graphical list of the online accounts of everyone sharing an open wifi network with you - with a simple single click, you're instantly logged in as them.

This vulnerability is NOT new - it is a problem that has existed for years now, but is being bought into the public eye now. A quick explanation of how it works: Most major websites transmit keys to your account - your login HTTP "cookies" - without any encryption at all. This problem doesn't really register when you're on a secure wifi network - for example when WPA is enabled, but of course, nothing is 100% safe.

Sites that are vulnerable are: Amazon, Dropbox, Facebook, Flickr, Foursquare, Google, nytimes.com, Tumblr, Twitter, WordPress, Yahoo and Yelp.

Butler released the program, supposedly to encourage these types of sites to increase their security... he goes on to say "Websites have a responsibility to protect the people who depend on their services. They've been ignoring this responsibility for too long, and it's time for everyone to demand a more secure web."