At the Toorcon 12 security conference, Ian Gallagher and Eric Butler presented “Hey Web 2.0: Start protecting user privacy instead of pretending to.” Eric Butler released a free, open-source tool and Firefox browser add-on called Firesheep. Now any person, or idiot, can use Firesheep to scan local Wi-Fi networks and find users who are logged into Facebook, Twitter, Amazon, Google, FourSquare, Dropbox, Hacker News, Windows Live, Cisco, Evernote, WordPress, Flickr, bit.ly and many other services. There is a list of sites that Firesheep will sniff and hijack.
Butler blogged, “On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy…. When it comes to user privacy, SSL is the elephant in the room.”
I kind of like this. It brings attention to the insecurity of WiFi connections. I wonder if this will get big enough that anything will actually change. It seems to have worked on Hotmail already.