A new Firefox feature called “Firesheep” can be used to easily hack into a person’s computer over a public Wi-Fi network and gain access to several popular sites, including Facebook, Twitter, and Amazon.
An add-on to the Mozilla Firefox browser, Firesheep allows someone to view the networking session identification and authentication codes – cookies – being sent from the public Wi-Fi network to each computer logged on to it. Access to that information affords the hacker the same unimpeded privileges as the computer's rightful user.
Firesheep specifically targets 26 highly-trafficked sites, including Amazon, Foursquare, Google, Facebook, Twitter, Windows Live, the New York Times, Wordpress, and Yahoo, and can be customized to go after other sites per the hijacker’s preferences. Firesheep is free, and available for Mac OS X and Windows systems.
Created by Eric Butler, a Seattle-based freelance Web application developer, Firesheep was not built to be deployed maliciously, Butler said, but rather to illuminate the rampant security gaps at many popular websites and force those sites to enact stricter guidelines and encryption policies.
On his personal blog, Butler wrote, “Websites have a responsibility to protect the people who depend on their services. They've been ignoring this responsibility for too long, and it's time for everyone to demand a more secure Web. My hope is that Firesheep will help the users win.”
Firesheep emerges amidst the growing privacy fears surrounding the insecurity of public Wi-Fi networks, and the recent troubles of Facebook and MySpace, both of which were shown to be transmitting personal user information to third-party advertisers.