What is Firesheep?

Firesheep is a Firefox add-on that allows anyone to use a public WiFi network and hack into other people’s Facebook, Twitter and other online accounts. 1

Firesheep hacks into your online accounts by viewing your computer's networking session identification and authentication codes, or cookies.
This information becomes vulnerable when it is not encrypted. 3
When a connection is not secure your URL looks like this: http:// To make your connection more secure add an s to the http:// in your url. It should look like this: https://

According to one source, "Firesheep specifically targets 26 highly-trafficked sites, including Amazon, Foursquare, Google, Facebook, Twitter, Windows Live, the New York Times, Wordpress, and Yahoo, and can be customized to go after other sites per the hijacker’s preferences." 4

The add-on has been very popular since its launch; it has already been downloaded over 320,000 times.5 Mozilla Firefox has said they will not be pulling or blacklisting the add-on. 6


Firesheep was created by Eric Butler, a Seattle Web developer. 7 Butler claims he created the add-on to get other websites to increase their security. 8

Concerns for Parents

  • This extension allows users to hijack other people's online accounts if they are using unsecure websites on public wifi.
  • Some sites do not have secure connection options; major sites, like Facebook, Twitter, and Amazon, usually do.9

How Can I Keep My Computer safe?

  • Check your URL before you log in to one of your online accounts while using a public wireless network. To protect your information simply add a s to http:// so that it becomes https:// You might want to bookmark your sites with this url to protect yourself in the future. 10
  • Before you log on to a public network make sure you are logged out of your online accounts. Once you are logged into the network make sure you sign into your accounts with a secure connection.11
  • There is a FireFox plug-in called HTTPS-Everywhere that automatically changes your URL http:// to https// .12 13
  • There is a FireFox plug-in called Force-TLS that allows users to enforce HTTPS for a specific list of domain names
  • There is a FireFox add-on called BlackSheep that will alert you when someone on the network is using Firesheep 14

Where Can I Learn More?

Vancouver Sun article giving tips on how to stay protected from Firesheep

Read this wiki article on Tls.