FIRESHEEP Protection

See Note added 3 Nov 2010.

 

Firefox users can protect themselves against Firesheep, the new browser add-on that lets amateurs hijack users' access to Facebook, Twitter and other popular services.

Firesheep adds a sidebar to Mozilla's Firefox browser that shows when anyone on an open network -- such as a coffee shop's Wi-Fi network -- visits an insecure site.

A simple double-click gives a hacker instant access to logged-on sites ranging from Twitter and Facebook to bit.ly and Flickr.

Researcher Eric Butler released Firesheep on Sunday, 24 October 2010 and the add-on has been downloaded nearly 220,000 times in the first 5 days.

DEFENSE AGAINST FIRESHEEP:

--Avoid public Wi-Fi networks that aren't encrypted.
Use only public Wi-Fi available with a password.
 

Open Wi-Fi is the prime proving ground for Firesheep, but it's not the main problem.
This isn't a vulnerability in Wi-Fi; it's the lack of security from the sites you're using.

--Use a VPN (virtual private network) when connecting to public Wi-Fi networks at an airport or coffee shop.
Many business workers use a VPN to connect to their office network while they're on the road and these connections are safe.
Personal users should consider subscribing to a VPN service to gain the protection of a VPN.

A VPN encrypts all traffic between a computer -- a laptop at the airport gate, for instance -- and the Internet in general, including the sites vulnerable to Firesheep hijacking.

--Firefox Add-ons.
Some Firefox add-ons force the browser to use an encrypted connection when it accesses certain sites.
HTTPS-Everywhere, provided by the Electronic Frontier Foundation (EFF), only works with a defined list of sites, including Twitter, Facebook, PayPal and Google's search engine.

Force-TLS serves the same purpose as the EFF's extension, but lets users specify the sites on which to enforce encryption.

--Other Browsers.
Browsers such as Microsoft's Internet Explorer and Google's Chrome lack similar add-ons.
A MiFi device can encrypt [traffic], so with one you're always carrying your own Wi-Fi hotspot with you.
MiFi isn't cheap. Verizon [in the USA] gives away the hardware but charges between $40 and $60 per month for access to its 3G network.
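
The per-site enforcement described above for HTTPS-Everywhere and Force-TLS can be sketched as a host-list check applied to each request. This is an added example, not code from either add-on; the host list, the function names and the rule that blocks non-default ports are assumptions made for illustration.

```javascript
// Added illustration of per-host HTTPS enforcement; not code from any add-on.
// ENFORCED_HOSTS is a constructed sample list, not a real rule set.
const ENFORCED_HOSTS = ["twitter.com", "facebook.com", "paypal.com"];

// True when host is a listed domain or a subdomain of one.
// Matching on a leading dot keeps "nottwitter.com" from matching "twitter.com".
function isEnforced(host, list = ENFORCED_HOSTS) {
  const h = host.toLowerCase().replace(/\.$/, ""); // drop trailing root dot
  return list.some((d) => h === d || h.endsWith("." + d));
}

// Decide what to do with a request URL before it leaves the browser.
// Returns { url, action } where action is one of:
//   already-secure, upgraded, blocked, unlisted, ignored, invalid
function enforceHttps(raw, list = ENFORCED_HOSTS) {
  let u;
  try {
    u = new URL(raw);
  } catch {
    return { url: raw, action: "invalid" };
  }
  if (u.protocol === "https:") return { url: u.href, action: "already-secure" };
  if (u.protocol !== "http:") return { url: u.href, action: "ignored" };
  if (!isEnforced(u.hostname, list)) return { url: u.href, action: "unlisted" };
  // Assumption of this example: a non-default port cannot be assumed to speak
  // TLS, so the request is blocked rather than sent in the clear.
  if (u.port !== "") return { url: u.href, action: "blocked" };
  u.protocol = "https:";
  return { url: u.href, action: "upgraded" };
}

// Constructed sample requests.
for (const raw of [
  "http://twitter.com/home",
  "http://WWW.Facebook.com/profile.php?id=1",
  "http://nottwitter.com/",
  "http://paypal.com:8080/login",
  "https://paypal.com/",
  "ftp://facebook.com/file",
]) {
  const r = enforceHttps(raw);
  console.log(r.action.padEnd(14), r.url);
}
```

Requests to hosts outside the list come back as `unlisted` and still travel unencrypted, which is the limitation of a defined site list noted above.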

THE REAL PROBLEM:

The moves users make to plug the holes Firesheep exposes are stop-gaps.
The real problem is the lack of full encryption.
Only the sites and services can fix that.

UPDATED 3 NOV 2010

The biggest threat from Firesheep is the capture of personal information when you visit web sites that require a login and password.
You should MAKE SURE that such sites are SECURE before entering any information.
Secure sites will use the https:// prefix. Firesheep currently cannot access or get access to information sent to these sites.

 
