“Websites have a responsibility to protect the people who depend on their services. They've been ignoring this responsibility for too long, and it's time for everyone to demand a more secure web. My hope is that Firesheep will help the users win.”
That’s the message being touted by self-professed, “freelance web developer” Eric Butler, whose Firefox extension Firesheep exposes the unencrypted cookies passed between users on a Wi-Fi network and the sites they visit. Without HTTPS or SSL encryption, the logins and passwords of said users can be exposed, clear as day, with this particular add-on.
So how does Firesheep work its good-or-evil magic? It exposes the critical information in the cookies that one can get a hold of through common HTTP session hijacks, and from there, well, the sky’s the limit. How you use this particular extension is entirely your business—though Eric does have a point by releasing it into the wild. Ideally, such a free-flowing (and easily used) tool should be enough to convince major websites to up their security when it comes to common user interactions.
So, that said, please use this extension for good, not evil! And for gosh sakes, Maximum PC users: Don’t run open Wi-Fi networks!