Firesheep lets Anyone Hack into a Facebook or Twitter Account

Eric Butler, a software developer from Seattle, has exposed the vulnerability of popular sites like Facebook and Twitter.

He has developed a Firefox extension called Firesheep, which makes use of the vulnerability of unsecured HTTP sites to demonstrate session hijacking. Firesheep sniffs out unencrypted HTTP sessions on any open Wi-Fi network and captures users’ cookies. It then uses the cookie to let you pose as that user and browse the site.
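For a site owner, the question this raises is which cookies a browser will attach to a plain-HTTP request, since those are the ones readable on an open network. The audit below is an added example, not code from Firesheep or from this article; the host `example.test` and the cookie names and values are constructed, and domain matching is left out on the assumption that all requests go to the same host.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed Set-Cookie headers for a hypothetical site (not captured traffic).
SAMPLE_SET_COOKIE = [
    "session_id=c0ffee; Path=/; HttpOnly",
    "auth_token=deadbeef; Path=/; Secure; HttpOnly",
    "lang=en; Path=/",
    "admin_sid=f00d; Path=/admin; HttpOnly",
]


def parse_jar(set_cookie_headers):
    """Parse each Set-Cookie header into a (name, path, secure) tuple."""
    jar = []
    for header in set_cookie_headers:
        cookie = SimpleCookie()
        cookie.load(header)
        for name, morsel in cookie.items():
            jar.append((name, morsel["path"] or "/", bool(morsel["secure"])))
    return jar


def path_matches(cookie_path, request_path):
    """Cookie path-match rule (RFC 6265, section 5.1.4)."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        # "/admin" matches "/admin/users" but not "/administrator".
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def cleartext_cookies(set_cookie_headers, url):
    """Names of cookies a browser would send to `url` without encryption."""
    parts = urlsplit(url)
    if parts.scheme != "http":
        return []  # over HTTPS the Cookie header travels inside TLS
    path = parts.path or "/"
    # HttpOnly only hides a cookie from page scripts; it does not keep it off
    # the wire. Only the Secure attribute stops it being sent over plain HTTP.
    return sorted(
        name
        for name, cookie_path, secure in parse_jar(set_cookie_headers)
        if not secure and path_matches(cookie_path, path)
    )


if __name__ == "__main__":
    for url in ("http://example.test/home", "https://example.test/home"):
        print(url, "->", cleartext_cookies(SAMPLE_SET_COOKIE, url))
```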

Here’s how it works: when you connect to any open Wi-Fi network using the extension, it starts monitoring the network. Then, as soon as anyone on the network visits an insecure website known to Firesheep, their name and photo are displayed.