“Years after BlackHat sidejacking demos, far too many websites remain vulnerable to this session cookie hijack attack. Frustrated by apathy and inaction, web developer Eric Butler and colleague Ian Gallagher decided to raise awareness with Firesheep – a Firefox plug-in that makes sidejacking as easy as 1-2-3.

“These and other sites vulnerable to session hijacking really need to be fixed to properly protect all exchanges with SSL/TLS. This is by far the most desirable antidote. Website operators simply cannot continue to ignore sidejacking, given the relative ease with which vulnerable sites can be exploited – especially in open public networks.

“In the meantime, what can ordinary users do to limit their own exposure to Firesheep and older, less-user-friendly sidejacking tools, such as Ferret, Hamster, or Cookie Monster? Here we consider ten steps that have been suggested to reduce your risk of being sidejacked – and why many are impractical or incomplete”
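The "antidote" the quoted article names is protecting every exchange with SSL/TLS, and for a session cookie that comes down to two server-side properties: the cookie's Secure attribute (a browser never sends it over plain HTTP) and an HSTS header (a browser never makes plain-HTTP requests to the host). The following audit is an added example, not code from the article or from the Firesheep project; the header samples are constructed, and the name hints used to guess which cookie carries the session are an assumed heuristic.

```python
"""Audit HTTP response headers for session cookies exposed to sidejacking.

Added example (not from the quoted article). Given the headers a server
returned, it flags any session-looking cookie that lacks the Secure
attribute, because such a cookie travels in the clear on any http:// hit
and can be captured on an open network. It also notes whether HSTS is
present, which keeps browsers from making plain-HTTP requests at all.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Assumed heuristic: substrings that suggest a cookie carries the session.
SESSION_NAME_HINTS = ("sess", "sid", "auth", "token", "login")


@dataclass
class CookieFinding:
    name: str
    secure: bool
    httponly: bool
    looks_like_session: bool


def parse_set_cookie(header_value: str) -> CookieFinding:
    """Parse one Set-Cookie value into the attributes the audit cares about."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive; values (Path=/, Max-Age=...) are dropped.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    lowered = name.lower()
    return CookieFinding(
        name=name,
        secure="secure" in attrs,
        httponly="httponly" in attrs,
        looks_like_session=any(h in lowered for h in SESSION_NAME_HINTS),
    )


def audit_headers(headers: List[Tuple[str, str]]) -> Dict[str, object]:
    """headers: (name, value) pairs as they appeared in an HTTP response.

    Returns the HSTS state, all parsed cookies, and the names of cookies that
    look like session cookies but would still be sent over plain HTTP.
    """
    hsts = any(n.lower() == "strict-transport-security" for n, _ in headers)
    cookies = [parse_set_cookie(v) for n, v in headers if n.lower() == "set-cookie"]
    sidejackable = [c.name for c in cookies if c.looks_like_session and not c.secure]
    return {"hsts": hsts, "cookies": cookies, "sidejackable": sidejackable}


# Constructed sample responses: the weak configuration and its corrected form.
SAMPLE_VULNERABLE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=abc123; Path=/; HttpOnly"),  # no Secure: sent over http://
    ("Set-Cookie", "lang=en; Path=/"),
]
SAMPLE_FIXED = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "lang=en; Path=/"),
]


def report(label: str, headers: List[Tuple[str, str]]) -> None:
    result = audit_headers(headers)
    print(f"{label}: HSTS={'yes' if result['hsts'] else 'no'}")
    for c in result["cookies"]:
        print(f"  {c.name}: secure={c.secure} httponly={c.httponly} session-like={c.looks_like_session}")
    if result["sidejackable"]:
        print(f"  EXPOSED: {', '.join(result['sidejackable'])} would be sent in the clear over HTTP")
    else:
        print("  no session cookie exposed to plain HTTP")


if __name__ == "__main__":
    report("vulnerable", SAMPLE_VULNERABLE)
    report("fixed", SAMPLE_FIXED)
```

Running the audit against captured headers from a staging site is one way a site operator can verify the fix the article calls for; HttpOnly is reported too because it limits script access but does nothing against capture on the wire, which is why Secure and HSTS are the decisive attributes here.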