Security researcher always warned people about the bug and vulnerability of public networks and unencrypted services, life changes every day the new day come with some new vulnerability.
As you know that when you logging into a website your enter your user-name and password and then the server check your submitting user-name and password with their record and than assign you a cookies for your browser to get connected with server, what happen when you are logging and someone will get your cookies and use it on his browser, yes this is called session hijacking.
Over a year ago, session hijacking need some technical knowledge and the new and inexperienced user’s cant do this, but the time has been changed and a Firefox add-on called Firesheep introduced that hijack the facebook,myspace and twitter session over an open network. FireSheep is free, open source and available almost on every operating system.
How Firesheep Works
Firesheep is a packet sniffer that analyze received packets from unencrypted websites on a open network like WiFi connections.
An attacker install firesheep and the new side bar appears on Firefox and the extension wait for the 26 websites that are in firesheep database to log in, when someone log in in any of these websites than firesheep capture his session id or user-name and password.
If you know the difference between HTTP and HTTPS than you can easily understand the working of FireSheep, yes when your browser shows HTTPS instead of HTTP means your are logging on an encrypted website.
- Use a VPN(Virtual Private Network) that create a secure tunnel for your data.
- Use HTTPS everywhere, it is a firefox add-on.
- Avoid visiting such websites, when you connected to the public access networks, in place like coffee shops and airports.