Sidejacking as Wikipedia defines, is referred “to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim’s computer.”
Why am I revealing so much vital information that would allow you to sidejack into other people’s account?
Because I want you to know how easy it is to do so. How easy it is for even a layperson who doesn’t know what sudo make install means to sidejack into your account.
It is not that this was impossible to do before the advent of Firesheep, but it included the use of some knowledge that average Internet users didn’t have. “Websites have a responsibility to protect the people who depend on their services. They’ve been ignoring this responsibility for too long, and it’s time for everyone to demand a more secure web. My hope is that Firesheep will help the users win,” says Butler.
Zeljka Zors also concludes:
As I write this, the extension has been downloaded some 8,000 times, and the number is rising by the second. Wouldn’t it be amazing that an action such as this could bring about the realization of a more secure Internet?
Firesheep been claimed to work with “Facebook, Flickr, Amazon.com, bit.ly, Google, Twitter, Yahoo, WordPress, and many others.”
Personally, I am thankful to Eric Butler who released this plugin, to highlight how fragile my online privacy and data actually is. Now let’s hope Facebook et al. get the message.
As one Slashdot commenter puts it:
Facebooks servers were hanging around in a dark alley one faithful night. My privacy just happened to think that particular night, let’s take the shorter route home. It’s as if Facebooks servers sniffed she was coming, despite her high privacy settings. They libpcaptured her, then stripped all of her headers and checksums, right to her to the bare profile while taunting her loudly. Some traffic just passed by without doing anything. My privacy was violated again, and again and Facebooks servers just kept going and going. Then they left my privacy “face”-down in a shallow ditch, some shreds of unique ROWIDs covering her bloodsoaked profile.