Firesheep Firefox plugin provides easy, three-step hacking to anyone's Facebook account
If I were to make the statement, "Facebook doesn't value its users' privacy or security," would anyone disagree?
Time and again, Mark Zuckerberg has shown that his priority is universal access and functional awesomeness over privacy. And hey, Facebook is a pretty cool tool, and let's not forget that it's free, so perhaps we should file privacy and security considerations under "you get what you pay for." And I've always felt there was something rather juvenile and vaguely sci-fi about the complaint, "Hey, you made me completely dependent on this for communication, and even though I didn't pay for any of it, it's your fault that someone could hack into it and steal my identity!" Kind of reminds me of old Star Trek episodes when alien cultures have foolishly become dependent on some technology, drug or food source and resort to unseemly behavior when access is denied.
Privacy issues have led some famous technologists to quit Facebook in a very public manner. Personally, I've been of the "don't post it online if you don't want anyone to see it" school of thought.
But the new Facebook security concerns are of a different ilk. Eric Butler, a Seattle web developer, has created a tool called Firesheep that serves one nefarious purpose: to hack into vulnerable Facebook accounts. To be clear, he created the Firefox plugin with the goal of drawing attention to Facebook's vulnerabilities in the hopes that the creators would make more substantial efforts to ensure secure access.
As I read over various technologists' responses to the plugin, the catch-22 we are in does seem vaguely reminiscent of Star Trek plot dilemmas. The only real solutions to ensure secure access to sites such as Facebook and Twitter seem to be to set up your own Virtual Private Network (and even I am not geeky enough to do that), or to use a tool to force HTTPS access on the sites.
Or we could stop using Facebook.
But then again, we didn't stop using email when spammers got hold of our addresses; we developed spam filters and mailboxes and verification instead. And we didn't stop writing checks when forgers adopted check washing scams. And we didn't stop using computers when viruses and malware began their attacks. We just bought Macs instead of PCs.
Firesheep is the first step in creating tools that will allow us to adapt to Facebook's weaknesses. I predict that there will be a new market for Facebook and Twitter security widgets and plugins to correct this issue, just as there is a healthy market for antivirus and anti-malware software. Soon we'll all be downloading and updating those widgets just as readily as we update our current spam filters.
We humans are just crazy for adapting like that.