Firesheep: A Mozilla Plug-in developed for Session Hijacking.
Vulnerabilities: Details of your login (user names, passwords) for sites such as Facebook can be easily uncovered (i.e. your session details can be uncovered).
Root cause: Although certain sites encrypt their log-in pages with SSL, they revert to HTTP as soon as the user leaves the log-in page, so a hacker can easily hijack the session.
Solution: Only full-time use of TLS/SSL will keep a user safe from session hijacking.
Business organizations should protect their customers and employees by taking the following steps:
• Consider extending HTTPS to their whole website.
• Ensure all critical web applications use HTTPS.
• Use a trusted Certification Authority with a well-recognized trust mark.
• Advise the customers via the website about the use of HTTPS and explain its importance.
• Enforce the use of VPNs for all critical web applications.
• Educate customers and colleagues about the dangers of Session Hijacking.
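
The root cause above (an encrypted log-in page followed by a return to HTTP) can be checked for in a recorded login flow. The following is an added example, not part of the original page: the site example.test, the cookie name sid and both sample flows are constructed, and the cookie Secure attribute and the Strict-Transport-Security (HSTS) header are standard mechanisms for full-time TLS that the page itself does not name.

```python
from urllib.parse import urlsplit

# Constructed sample: a login flow on the hypothetical site example.test that
# encrypts only the log-in page, then reverts to HTTP (the root cause above).
SAMPLE_FLOW = [
    {"url": "https://example.test/login", "status": 302,
     "headers": [("Set-Cookie", "sid=abc123; Path=/; HttpOnly"),
                 ("Location", "http://example.test/home")]},
    {"url": "http://example.test/home", "status": 200, "headers": []},
]

# Constructed sample: the same flow with full-time TLS.
FIXED_FLOW = [
    {"url": "https://example.test/login", "status": 302,
     "headers": [("Set-Cookie", "sid=abc123; Path=/; HttpOnly; Secure"),
                 ("Strict-Transport-Security", "max-age=31536000"),
                 ("Location", "/home")]},
    {"url": "https://example.test/home", "status": 200,
     "headers": [("Strict-Transport-Security", "max-age=31536000")]},
]


def audit_flow(flow):
    """Return (url, issue) findings for responses that expose a session to sniffing."""
    findings = []
    for resp in flow:
        url = resp["url"]
        scheme = urlsplit(url).scheme.lower()
        headers = [(k.lower(), v) for k, v in resp["headers"]]
        if scheme == "http":
            findings.append((url, "page served over plain HTTP"))
        for name, value in headers:
            if name == "set-cookie":
                # Cookie attributes follow the first ';' and are case-insensitive.
                attrs = [a.strip().lower() for a in value.split(";")[1:]]
                if "secure" not in attrs:
                    cookie = value.split("=", 1)[0].strip()
                    findings.append((url, f"cookie '{cookie}' lacks Secure"))
            elif name == "location" and urlsplit(value).scheme.lower() == "http":
                findings.append((url, "redirect downgrades to HTTP"))
        if scheme == "https" and not any(n == "strict-transport-security" for n, _ in headers):
            findings.append((url, "HTTPS response without HSTS header"))
    return findings


if __name__ == "__main__":
    for url, issue in audit_flow(SAMPLE_FLOW):
        print(f"{url}: {issue}")
```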