What can someone do if they hijack my session with Firesheep?
They should not be able to access your password or change your password, but they can still make posts as you, read and change personal/privacy settings, send messages, or log you out. Read on for more technical information. End to end protection Firesheep works by placing a network interface into promiscuous mode and listening to all traffic on a network. While securing wireless access points helps with this issue, a web session hops across many networks between the client computer and the remote web server. Even when you use HTTP-based web applications on a secure wireless connection, any of the hops between your computer and the server could fall victim to foul play like ARP or DNS cache poisoning. When a web session is carried out with SSL, these types of hijacking attacks are ineffective because each packet is encrypted. The best way to ensure that your web sessions are safe is to use HTTPS, and verify that the certificates are in order. Using Firesheep to your advantage When Fire
