FireSheep is a new Firefox extension that makes it very easy to take over other people’s Facebook/Twitter/etc logins on public wifi networks. This has always been possible for people familiar with HTTP internals, but FireSheep makes it accessible to a lay person.
The author put out a detailed essay examining the causes of the security issues FireSheep exposes. I highly recommend reading it as a good overview of the issues.
There are two Firefox extensions that will do a lot to protect you from FireSheep and similar tools.
HTTPS Everywhere is one of them. I’ve been using it since the first release. It forces the secure HTTPS protocol for sites like Facebook and Twitter that offer it as an option but default to HTTP.
The only site I’ve had issues with for HTTPS Everywhere is Wikipedia. Here’s my config with Wikipedia disabled:
The other one that I just found out about is Force-TLS. Whenever it encounters an X-Force-TLS HTTP header, it will force HTTPS connections to that site in the future. This is not immediately useful, but it will become more useful over time as more web sites support HTTPS.
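To make the mechanism concrete, here is a small sketch of that remember-and-upgrade logic. It is an added example, not code from the Force-TLS extension: the class and method names are hypothetical, and the header syntax (`max-age=<seconds>; includeSubDomains`) and the rule of ignoring headers received over plain HTTP are assumptions modelled on Strict-Transport-Security.

```javascript
// Added illustration; ForceTlsStore, note and upgrade are hypothetical names.
// Assumed header syntax, modelled on Strict-Transport-Security:
//   X-Force-TLS: max-age=<seconds>; includeSubDomains
class ForceTlsStore {
  constructor() { this.hosts = new Map(); } // host -> { expires, subdomains }

  // Record a site's policy from a response. Headers seen over plain HTTP are
  // ignored, since anyone on the same network could have injected them.
  note(responseUrl, headerValue, nowMs) {
    const url = new URL(responseUrl);
    if (url.protocol !== "https:" || !headerValue) return false;
    let maxAge = null, subdomains = false;
    for (const part of headerValue.split(";")) {
      const [key, value] = part.trim().split("=");
      const name = key.toLowerCase();
      if (name === "max-age" && /^\d+$/.test(value || "")) maxAge = Number(value);
      if (name === "includesubdomains") subdomains = true;
    }
    if (maxAge === null) return false;        // malformed: no usable lifetime
    if (maxAge === 0) {                       // site withdraws its policy
      this.hosts.delete(url.hostname);
      return true;
    }
    this.hosts.set(url.hostname, { expires: nowMs + maxAge * 1000, subdomains });
    return true;
  }

  // Rewrite http:// to https:// when the host, or a parent domain that asked
  // for subdomain coverage, has an unexpired entry.
  upgrade(requestUrl, nowMs) {
    const url = new URL(requestUrl);
    if (url.protocol !== "http:") return requestUrl;
    const labels = url.hostname.split(".");
    for (let i = 0; i < labels.length; i++) {
      const entry = this.hosts.get(labels.slice(i).join("."));
      if (!entry || entry.expires <= nowMs) continue;
      if (i === 0 || entry.subdomains) {
        url.protocol = "https:";
        return url.href;
      }
    }
    return requestUrl;
  }
}
```

Until a site has been seen once over HTTPS with the header set, `upgrade` leaves its URLs alone, so the first plain-HTTP visit on an open network is still exposed.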
I should mention that your Gmail accounts are safe, as Google wisely made it HTTPS-only earlier this year.
Next steps
Testing 1-2-3.