Firesheep exposes weaknesses of open wireless networks
Firesheep is a Firefox extension that captures user names and passwords of anyone using the same open wireless network. To show people how vulnerable they are on public Wi-Fi, Firesheep's designer created the extension to exploit the authentication cookies used by social networks and other websites. Firesheep can be thwarted, however, with Firefox extensions that add encryption.
Source of article: "Firesheep Firefox extension - sidejacking made easy makes a point" by Personal Money Store.
Firesheep makes it easy to hack social networks
Anyone can walk into a coffee shop and start hacking others' lives with Firesheep. Only one thing makes it possible for Firesheep to work. When a user submits a user name and password to log in, the server replies with a cookie that lets the user stay authenticated on later requests. According to Eric Butler, who developed Firesheep, on the open wireless network in that coffee shop, cookies are being shouted through the air. Websites commonly protect user names and passwords by encrypting the login. However, in the interests of expediency, the cookie is not protected. On an open wireless network, sidejacking, or HTTP session hijacking, is like shooting fish in a barrel.
Using Firesheep
Firesheep is available for Mac OS X and Windows, and it is free. After you have installed Firesheep, a new sidebar appears in your Firefox browser. Go to the coffee shop and connect to its open wireless network. The "Start Capturing" button is all you have to click. Anyone on the network who is logged into Facebook, or any other insecure website recognized by Firesheep, will show up. The sidebar will display their name and photo. Firesheep will log into their private account as soon as you double-click on the photo. Firesheep sidejackers can do whatever they feel like after that.
How to stop Firesheep
You do not have to let Firesheep in. There is something you can do. According to TechCrunch, Firesheep works because most social websites, after encrypting login details, default to the HTTP protocol. That is the only reason why Firesheep can detect cookies. "Force-TLS" is a Firefox extension that causes websites to use the HTTPS protocol. With the Force-TLS extension installed, users can change HTTP to HTTPS on websites from the Firefox Add-ons "Preferences" menu. HTTPS encrypts all user data so Firesheep can't read it. Facebook, Twitter and Google all allow HTTPS connections. Most major websites will. Amazon doesn't right now though.
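The pattern described above (an encrypted login followed by a fallback to HTTP) can also be checked from the website's side. The following Python code is an added example, not part of the original article or of Firesheep: it audits a login flow for cookies set without the Secure attribute (which tells the browser to send a cookie only over HTTPS) and for post-login redirects to http://. The hosts, cookie names and sample responses are constructed for illustration.

```python
# Added example: audit constructed HTTP responses for cookies that would
# travel in cleartext after an encrypted login. Hosts and cookies are made up.
from urllib.parse import urlsplit

# Constructed sample: (request URL, status, response headers) per login flow.
SAMPLE_FLOW = [
    ("https://social.example/login", 302, [
        ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
        ("Set-Cookie", "csrf=zz9; Path=/; Secure"),
        ("Location", "http://social.example/home"),
    ]),
    ("https://mail.example/login", 302, [
        ("Set-Cookie", "sid=def456; Path=/; Secure; HttpOnly"),
        ("Location", "https://mail.example/inbox"),
    ]),
]

def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def audit_flow(flow):
    """List findings that leave a session cookie readable on an open network."""
    findings = []
    for url, status, headers in flow:
        host = urlsplit(url).hostname
        for key, value in headers:
            key = key.lower()
            if key == "set-cookie":
                name, attrs = parse_set_cookie(value)
                # Without Secure, the browser also sends the cookie over HTTP.
                if "secure" not in attrs:
                    findings.append((host, "cookie-without-secure", name))
            elif key == "location" and 300 <= status < 400:
                # An absolute http:// redirect drops the session out of TLS.
                if urlsplit(value).scheme == "http":
                    findings.append((host, "redirect-to-http", value))
    return findings

if __name__ == "__main__":
    for host, issue, detail in audit_flow(SAMPLE_FLOW):
        print(f"{host}: {issue}: {detail}")
```

A site that produces no findings keeps its session cookie inside HTTPS, which is the same effect the article attributes to forcing HTTPS from the browser.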
Data from
Code Butler
codebutler.com/firesheep
The Register
theregister.co.uk/2010/10/25/firesheep_cookie_capture_peril/
Tech Crunch
techcrunch.com/2010/10/25/firesheep/
