Gary LosHuertos used Firesheep in an attempt to dissuade users from broadcasting cookies over unprotected WiFi, only to discover that wasn’t enough.
Around half an hour later, I’d collected somewhere between 20 and 40 identities. Since Facebook was by far the most prevalent (and contains more personal information than Twitter), I decided to send the users messages from their own accounts to warn them of their accounts’ exposure. I drafted a friendly, generic message that stated the location of the Starbucks, what the vulnerability was, and how to avoid it. I sent messages to around 20 people.
I cleared the sidebar, took off my headphones, and waited. I heard one expletive muttered a few feet away, and wondered if my message was the cause. Over the next 15 minutes, I didn’t hear anyone talk about what had happened (and folks at Starbucks are usually not ones to keep their conversations private). However, what I did see happen was a sharp decline in the number of identities I was collecting when I restarted Firesheep.
This was relieving – these people got the message. Hopefully they’ll tell their friends, hide their kids, hide their wives. I cleared the sidebar once again, and after another twenty minutes of mindless conversation I saw five familiar names had returned to my herd.
Reminders like these make the results of The Ugly Indian all the more remarkable.