"The Firefox add-in Firesheep caused quite an uproar a few weeks ago, and justifiably so. Here's how it works:
what Firesheep does is relatively straightforward:
1. Listen to all HTTP traffic.
2. Wait for HTTP headers from a known website.
3. Isolate the part of the cookie header that identifies the user.
4. Launch a new browser session with that cookie. Bam! As far as the target webserver is concerned, you are that user!
All Firesheep has to do, really, is listen. That's pretty much all there is to this "hack". Scary, right? Well, then you should be positively quaking in your boots, because this is the way the entire internet has worked since 1994, when cookies were invented.