Firesheep Opens Eyes to Insecure Browsing

Firesheep is a new dirty word in many eyes around the Internet. Firesheep is a Firefox extension that allows a snooper to relatively easy get into anyone’s browsing sessions on a public WiFi hotspot. Think of your favorite coffee shop. Dwight Silverman has a nice write up on this here. The story he recounts is a bit hair-raising, so go read it. Here’s a quote about how Firesheep works:

Firesheep finds connections being made to popular websites through the standard, non-secure http protocol. It can “sidejack” that session, allowing you instantly to be browsing someone else’s Facebook or Twitter account. If you’re using the encrypted, secure https connection a site, you’re safe. The problem is, too many sites don’t offer https connections, or they aren’t consistently available throughout the site, leaving users vulnerable.

Obviously this comes with the now overused “browse safely” warning. But it raises a real question of ethics when it comes to its release. The developer sees himself as a good guy pointing out holes that already exist. Others don’t quite see it that way. I’m one of those.