Eric Butler’s new ‘hack Facebook’ plugin for Firefox

Oh the mischief this new Firefox plugin is going to cause.

Firesheep adds a sidebar to Mozilla’s Firefox browser that shows when anyone on an open network — such as a coffee shop’s Wi-Fi network — visits an insecure site. “Double-click on someone [in the sidebar] and you’re instantly logged on as them,” said [plugin author Eric] Butler in his short description of his add-on.

Computer World says the Firesheep add-on has been downloaded more than 50,000 times since it was released Sunday. You can download Firesheep from Butler’s Web site. It’s extremely easy to install: just download the .xpi file; drag it to a Firefox window; and restart.

And it’s not just Facebook that Butler’s plugin makes double-click hackable, either. Others include:

  • Basecamp
  • CNET
  • Dropbox
  • Facebook
  • Flickr
  • Foursquare
  • Google
  • Gowalla
  • Windows Live
  • Tumblr
  • Twitter
  • WordPress
  • Yahoo
  • Yelp
  • and others

The plugin is relatively easy to customize, too, meaning that someone with not much more than basic programming skills could easily add other domains to Firesheep’s default list. TechCrunch offers a pretty thorough explanation of how Firesheep works and the plugin’s impact, as well as a possible defense. The truth is, though, using the Internet on a public Wi-Fi network is inherently insecure. But that isn’t news, is it?