Firesheep Snatches Your Cookies to Break Into Your Facebook Account
Firesheep listens for cookies being sent over the network, and grabs them. When a session from an unprotected site is detected, the sidebar automatically displays usernames and corresponding account photos, if available. Simply clicking on a user's name opens the target site with that user's account, allowing you free rein over their data. The list of vulnerable sites includes popular (and potentially dangerous) destinations, like Google, Facebook, Twitter, Amazon and Dropbox.
Since Firesheep is a Firefox extension, it's available for both Windows and Mac, with Linux support to come at a later date. Its simplicity makes account hacking frighteningly user-friendly. Butler is hoping the extension will force sites to finally embrace HTTPS (HTTP over SSL/TLS), which encrypts the traffic between your browser and the site to protect account data. For those who want to take a more active role in protecting their data, VPNs like Hamachi provide secure access. And, for the geekier among you, SSH proxies tunnel your data through encrypted paths.
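
For site operators, the exposure described above shows up in a site's own response headers. The following is an added example, not part of the original article: a small Python audit that flags cookies set without the `Secure` attribute (which the browser will also send over plain HTTP) and checks whether HSTS is enabled. The header values and the function names `directives` and `audit_headers` are constructed for illustration.

```python
# Added example: audit a response's headers for cookies a passive listener could capture.
# SAMPLE_HEADERS is constructed for illustration; it is not captured from any real site.
SAMPLE_HEADERS = [
    ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "auth_token=def456; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/; Max-Age=31536000"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
]


def directives(value):
    """Split a ';'-separated header value into a lowercase-keyed dict."""
    out = {}
    for part in value.split(";"):
        key, _, val = part.strip().partition("=")
        if key:
            out[key.strip().lower()] = val.strip().strip('"')
    return out


def audit_headers(headers):
    """Report cookies lacking Secure/HttpOnly and whether HSTS is in force."""
    report = {"missing_secure": [], "missing_httponly": [], "hsts": False}
    for header, value in headers:
        header = header.lower()
        if header == "set-cookie":
            # The first name=value pair is the cookie itself; the rest are attributes.
            name = value.split(";", 1)[0].partition("=")[0].strip()
            attrs = directives(value.partition(";")[2])
            if "secure" not in attrs:
                # Without Secure the browser also sends the cookie over plain
                # http://, where anyone on the same network can read it.
                report["missing_secure"].append(name)
            if "httponly" not in attrs:
                report["missing_httponly"].append(name)
        elif header == "strict-transport-security":
            # HSTS tells the browser to use HTTPS only; max-age=0 switches it off.
            max_age = directives(value).get("max-age", "0")
            report["hsts"] = max_age.isdigit() and int(max_age) > 0
    return report


if __name__ == "__main__":
    print(audit_headers(SAMPLE_HEADERS))
```

Any session cookie that appears under `missing_secure` is one that can cross the network unencrypted, which is the condition the article describes.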