Firesheep plugin lets me steal your Facebook login

Firesheep is a Firefox extension that lets you steal logins while on a public network. Well, it is more technical than that: it lets you steal login cookies so you can spoof someone's session with a site like Facebook, or pretty much any site that requires login.

bOINGbOING has the breakdown. You should go read it. All of it.

Really, though, everyone who writes websites should know that accepting login tokens over an unsecured connection is bad news. Of course, it would be nice if setting up HTTPS correctly were cheaper. Just to turn it on for this website would cost me an extra $4 a month for a static IP address, no big deal, then $700 for a secure certificate from VeriSign that’s valid for 2 years. The certificate is 3+ times more expensive than this entire web site. Insanity! Of course, since I’m the only person with a login account, I could just use a self-signed certificate. Those are free, but the browser throws a hissy fit since I’m not a recognized “authority.”

Okay, enough ranting. Everyone, just be careful surfing on a network with other people.
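
An added example, not part of the original post: a small Python audit that flags session-like cookies a passive listener on a shared network could capture, meaning ones issued over plain HTTP or set without the `Secure` attribute. The cookie-name heuristic, the `shop.example` URLs and the sample headers are assumptions constructed for illustration.

```python
# Cookie names containing these substrings are treated as login/session tokens.
# This naming heuristic is an assumption; adjust it to the application under review.
SESSION_HINTS = ("sess", "sid", "auth", "token", "login")


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attrs); attr keys are lowercased."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_response(url, headers):
    """Return (cookie_name, problem) findings for one response.

    url     -- URL that produced the response
    headers -- list of (header_name, header_value) tuples
    """
    findings = []
    over_https = url.lower().startswith("https://")
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, _, attrs = parse_set_cookie(value)
        if not any(hint in name.lower() for hint in SESSION_HINTS):
            continue  # not a session-like cookie, ignore
        if not over_https:
            findings.append((name, "issued over plain HTTP"))
        if "secure" not in attrs:
            findings.append((name, "missing Secure: browser also sends it over http://"))
    return findings


# Constructed sample responses (not captured traffic).
SAMPLES = [
    ("http://shop.example/login", [("Set-Cookie", "sessionid=abc123; Path=/; HttpOnly")]),
    ("https://shop.example/login", [("Set-Cookie", "sessionid=abc123; Path=/; HttpOnly"),
                                    ("Set-Cookie", "theme=dark; Path=/")]),
    ("https://shop.example/login", [("Set-Cookie", "sessionid=abc123; Path=/; Secure; HttpOnly")]),
]

if __name__ == "__main__":
    for url, headers in SAMPLES:
        print(url, audit_response(url, headers) or "ok")
```

The second sample is the case that is easy to miss: the login page itself is served over HTTPS, but without `Secure` the browser attaches the same cookie to any later plain-HTTP request to that site.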