A Firefox extension that makes it simple for users to hijack accounts at Facebook, Twitter, and dozens of other popular sites has been downloaded more than 100,000 times in 24 hours. The Firesheep add-on allows users to scan public WiFi networks and, via cookies, steal login details from unsecured sites. Its creator, software developer Eric Butler, says it was built to expose the huge security holes in sites that encrypt login pages but not other areas, TechCrunch notes.
"Websites have a responsibility to protect the people who depend on their services. They've been ignoring this responsibility for too long, and it's time for everyone to demand a more secure web," Butler wrote in a blog post calling for sites to introduce end-to-end encryption. "The attack that Firesheep demonstrates is easy to do using tools that have been available for years." He says he has been overwhelmed by the attention since he released the add-on and he plans a follow-up post explaining how users can best protect themselves.
(More Firesheep stories.)