In an effort to draw attention to the security risks of running high-profile Web applications over unsecured Wi-Fi networks, developer Eric Butler has created a Firefox extension that lets users hijack someone else's Facebook, Twitter, or Windows Live account, reports CRN.
Dubbed Firesheep, the extension targets 26 of the most widely used and most heavily trafficked applications on the Internet, collecting the "cookies" that the sites use to allow access. With a cookie in hand, a criminal can do anything the user can do on a site. Switched explains:
Firesheep listens for cookies being sent over the network, and grabs them. When a session from an unprotected site is detected, the sidebar automatically displays usernames and corresponding account photos, if available. Simply clicking on a user's name opens the target site with that user's account, allowing you free rein over their data.
The flaw is nothing new, but as Computerworld quotes Richard Wang, the U.S. manager of SophosLabs, as saying:
Firesheep makes it so easy to discover [unencrypted traffic and cookies] that pretty much anyone can use it to listen to what others are doing at public hot spots.
The more time passes, the more online privacy really does become a myth.