Firesheep is an add-on for the Firefox web browser that makes it extremely easy for you (or anyone else) to hijack current web sessions over open Wi-Fi. It’s been available for a couple of weeks now from here and has been downloaded over half a million times.
For a full analysis of what Firesheep is and how to protect yourself from being hijacked, listen to Steve Gibson’s “Security Now” podcast (28 Oct 10) on the topic. If listening to podcasts isn’t your cup of tea, Steve transcribes them to various formats (HTML, PDF, text). Here’s the HTML transcript of the Firesheep Security Now podcast.
I strongly suggest you also listen to Steve’s latest Security Now podcast (04 Nov 10). It’s a “Listener Feedback” session but it provides more up-to-date info concerning Firesheep. The HTML transcript of this podcast is located here.
The “Security Now” podcast is now in its sixth year of production. It airs every Wednesday on TWiT TV with Leo Laporte. You can even watch the live video should you desire. All 273 episodes are archived on Steve Gibson’s “Security Now” web site along with searchable transcripts. It’s a fantastic educational resource!
UPDATE: Woody Leonhard wrote a great article for Windows Secrets last week titled “Cloak your connection to foil Firesheep snoopers.” I improperly referred to what Firesheep allows as “hijacking.” The proper term for what Firesheep so easily performs is the other well-known problem of “sidejacking.”