A new Firefox add-on gives the person next to you at your local Starbucks the power to hack your Amazon, Facebook, Twitter, Flickr and Google accounts. Does this really work? Can you protect yourself?
Unfortunately, yes. Fortunately, yes.
The add-on, dubbed “Firesheep,” is the brainchild of Seattle software developer Eric Butler, who created it, he claims, to expose the dangers of accessing the Web from public Wi-Fi spots.
Firesheep adds a sidebar to Mozilla’s Firefox browser that signals when anyone on an open, or Wi-Fi, network visits an insecure site.
“Double-click on someone [in the sidebar] and you’re instantly logged on as them,” Butler instructs.
The add-on is easily and quickly downloadable, meaning anyone from your friends and neighbors to the clueless old lady down the street can capture your user cookies.
And capture they have: the app has been downloaded nearly 50,000 times since Butler released it last weekend at the Toorcon 12 security conference in San Diego, Calif.
So, what can you do to protect yourself?
First, stay away from using public Wi-Fi connections to access your personal accounts. If you have to visit those sites, try using your smartphone over a 3G connection instead.
Facebook, Twitter and other affected sites have yet to plug the hole, but leave it to the peanut gallery of Internet users to deliver a possible, if temporary, solution.