(tmcnet)
A new Firefox extension called Firesheep makes it possible for anyone on an open WiFi network to access log-in information for sites like Facebook and Twitter from other computers on the network.
It's a stunning privacy breach that exploits a well-known hole in secure data transmission.
Each time you log in to a site like Facebook, your username and password are transmitted securely, but then the site returns a "cookie" _ a temporary Internet file _ to your machine. This cookie contains your log-in information so that you don't have to re-enter your password with each click you make on the Web site.
Firesheep developer Eric Butler said on his Web site that the extension is designed "to demonstrate just how serious this problem is." While using Firesheep, a window opens and as other computers on the WiFi network log in to secure Web sites, you get a notification that someone's account is ready for you. Just double click on the person's name and their Facebook account opens up.
Just like that.
"Web sites have a responsibility to protect the people who depend on their services," Butler said in a note on his Web site. "They've been ignoring this responsibility for too long, and it's time for everyone to demand a more secure Web.
(more)