AOL Tech

Firesheep Snatches Your Cookies to Break Into Your Facebook Account

It's no great secret that public and open Wi-Fi networks are not particularly secure. But developer Eric Butler's alarming new proof of concept, called Firesheep, shows just how simple it is to steal log-in credentials, and how many popular websites leave their users exposed. Many sites offer a secure log-in feature, but then rely on an unencrypted cookie to identify your session and keep you signed in. When you're using an open Wi-Fi network, these cookies are "basically shouted through the air," as Butler writes on his site. That makes it very easy for someone to monitor traffic over the wireless network, identify cookies and make copies of them for their own nefarious purposes.

Firesheep listens for cookies being sent over the network, and grabs them. When a session from an unprotected site is detected, the sidebar automatically displays usernames and corresponding account photos, if available. Simply clicking on a user's name opens the target site with that user's account, allowing you free rein over their data. The list of vulnerable sites includes popular (and potentially dangerous) destinations, like Google, Facebook, Twitter, Amazon and Dropbox.

Since Firesheep is a Firefox extension, it's available for both Windows and Mac (with Linux support to come at a later date). Its simplicity makes account hacking frighteningly user-friendly. Butler is hoping the extension will force sites to finally embrace HTTPS (also known as SSL), which uses end-to-end encryption to protect account data. For those who want to take a more active role in protecting their data, VPNs like Hamachi provide secure access. And, for the geekier among you, SSH proxies redirect your data through encrypted paths.
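For site operators, the weakness described above (a secure log-in followed by a session cookie that also travels over plain HTTP) can be checked from the response headers. The following is an added example, not code from Firesheep or from the article; the site name, cookie names and values in the sample response are constructed.

```python
# Added example: audit Set-Cookie headers for cookies that would be sent in the clear.
from dataclasses import dataclass

@dataclass
class CookieFinding:
    name: str
    secure: bool
    http_only: bool

def parse_set_cookie(header_value: str) -> CookieFinding:
    """Parse one Set-Cookie value into its name and security attributes."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive (RFC 6265); drop any "=value" part.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return CookieFinding(name, "secure" in attrs, "httponly" in attrs)

def audit_response(raw_headers: str) -> dict:
    """Return cookie names by exposure, and whether HSTS is set, for one response."""
    cookies, hsts = [], False
    for line in raw_headers.splitlines():
        if ":" not in line:
            continue  # status line or blank line
        field, value = line.split(":", 1)
        field = field.strip().lower()
        if field == "set-cookie":
            cookies.append(parse_set_cookie(value.strip()))
        elif field == "strict-transport-security":
            hsts = True
    return {
        # Without Secure, the browser attaches the cookie to http:// requests too,
        # so it crosses an open Wi-Fi network unencrypted.
        "exposed": [c.name for c in cookies if not c.secure],
        "protected": [c.name for c in cookies if c.secure],
        "hsts": hsts,
    }

# Constructed sample: response to an HTTPS log-in on a hypothetical site that
# then redirects the user back to plain HTTP.
SAMPLE_LOGIN_RESPONSE = """HTTP/1.1 302 Found
Location: http://www.example.test/home
Set-Cookie: session_id=CONSTRUCTED-VALUE; Path=/; HttpOnly
Set-Cookie: csrf=CONSTRUCTED-VALUE; Path=/; Secure; HttpOnly
Set-Cookie: lang=en; Path=/; Expires=Wed, 01 Jan 2031 00:00:00 GMT
"""

if __name__ == "__main__":
    print(audit_response(SAMPLE_LOGIN_RESPONSE))
```

Any session cookie that lands in the "exposed" list needs the Secure attribute, and the site needs to serve every page over HTTPS for that attribute to be usable.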
