How Firesheep Can Hijack Web SessionsFiresheep is a Firefox extension used to hijack web sessions, usually used over WiFi networks. Firesheep doesn't steal usernames and passwords, instead it copies session cookies used on authenticated websites. These are then used to impersonate the hijacked connection. Session hijacking, or sidejacking is a well known problem, ranking 3rd on OWASP's (Open Web Application Security Project) Top 10 Application Security Risk list. Attackers using Firesheep just need access to network traffic -- such
8 of 10
Using a VPN or wireless encryption like WPA/WPA2 can make capturing usable traffic difficult, if not impossible. However, end-to-end SSL encryption works even when VPNs and wireless encryption are not available. Many social media sites support SSL if you request it. Browser extensions like the NoScript Firefox add-on can be configured to redirect all HTTP requests to specific domains to HTTPS, or just replace "http:" with "https" in the website's address and bookmark that.
Firesheep Simplifies Stealing Logins
Firesheep Exposes Need For Encryption
8 of 10