Friday, 29 October 2010

Firesheep

There has been a big noise in the media this week regarding a new extension to the Firefox browser called Firesheep. Due to the fundamentally insecure way in which some popular websites, such as Facebook, Twitter, Amazon etc., handle the logon process, it has long been possible to capture the session information of a user by way of the Wireshark tool or similar, provided you're both on a hub-based network or an unencrypted wireless network. However, it has required a modicum of skill.

Firesheep has meant that anyone can do it. Sat in my local McDonald's armed with my laptop and Firesheep, I was presented with several targets within a matter of minutes; I could even see their photographs to identify who I was scanning. A simple double click and I was logged in as them. Luckily for them, I am an upstanding citizen and immediately logged out, having satisfied myself that Firesheep lived up to its claims. However, with more and more of us storing some pretty personal information on these sites, they may not be so lucky next time.

Firesheep was written and released by Eric Butler at this year's Toorcon and really highlights the misplaced trust that we put into our favourite online activities. It will hopefully prompt the powers that be to finally implement some proper security.