(2010-10-27) Firesheep Cookie Ssl

Firesheep is a Firefox plug-in which lets your computer mimic other users on the same open WiFi hotspot by capturing their web cookies. (Lots of sites generate a cookie at the time of login, then use that as the security check for the rest of the session, rather than having to do a lookup on every hit.)

The only solution is to use SSL on every part of your site that requires login.

(Commenter mickeyc notes: For those of you who think your banking websites are properly secured by SSL, a lot of them aren't properly secured. The login form must be displayed on an HTTPS page to prevent SSL stripping attacks.)
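A site owner can check for both conditions described above. The following is an added example, not part of the original page: it flags session cookies that would travel over plain HTTP and login forms displayed on an HTTP page. The `Secure` cookie attribute it tests is the standard browser mechanism for keeping a cookie off unencrypted requests; the function names and the `.example` hosts are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class PasswordFormFinder(HTMLParser):
    """Collects the action of every <form> that contains a password field."""
    def __init__(self):
        super().__init__()
        self.current_action = None   # action of the form being parsed, if any
        self.login_actions = []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.current_action = attrs.get("action") or ""
        elif (tag == "input" and self.current_action is not None
              and (attrs.get("type") or "").lower() == "password"):
            self.login_actions.append(self.current_action)
            self.current_action = None   # count each form once
    def handle_endtag(self, tag):
        if tag == "form":
            self.current_action = None

def cookie_flags(set_cookie):
    """Return (name, lower-cased attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in set_cookie.split(";")]
    return parts[0].split("=", 1)[0], {p.split("=", 1)[0].lower() for p in parts[1:] if p}

def audit(url, set_cookies, body):
    """List what would let a sniffer on the same network take over a session."""
    findings = []
    plaintext = urlsplit(url).scheme != "https"
    for header in set_cookies:
        name, flags = cookie_flags(header)
        if plaintext:
            findings.append(f"{name}: set over plain HTTP")
        elif "secure" not in flags:
            findings.append(f"{name}: no Secure attribute, will also be sent over HTTP")
    finder = PasswordFormFinder()
    finder.feed(body)
    for action in finder.login_actions:
        if plaintext:
            findings.append("login form displayed on an HTTP page")
        if urlsplit(urljoin(url, action)).scheme != "https":
            findings.append(f"login form posts to {urljoin(url, action)}")
    return findings

# Constructed sample responses (url, Set-Cookie values, body); not from any real site.
SAMPLES = [
    ("http://shop.example/login", [], '<form action="https://shop.example/session"><input type="password"></form>'),
    ("https://shop.example/session", ["sid=abc123; Path=/; HttpOnly"], ""),
    ("https://bank.example/login", ["sid=xyz789; Path=/; Secure; HttpOnly"], '<form action="/session"><input type=password></form>'),
]
```

Calling `audit(*sample)` on each entry of `SAMPLES` reports the HTTP-hosted login form in the first, the cookie without `Secure` in the second, and nothing for the third.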

Update: how to secure your Ruby on Rails site.

Update for users: the EFF HTTPS Everywhere plugin makes sure you use the SSL URLs of major sites that have them (but may not redirect you there by default).

