Firefox 4

There is lot of buzz going about Firesheep which steals cookies of Facebook and Twitter users accounts via Open Wi-Fi networks, Force-TLS ,Use HTTPS , HTTPS everywhere and BlackSheep extensions protects users this from happening. If you are using latest Firefox 4 Beta 7 or nightly build you are automatically protected from this, you don’t need to install any extension because of Force-TLS  functionality has been implemented as HTTP Strict Transport Security (HSTS) in Firefox 4 which prevents man-in-the-middle attacks over HTTP.

Mozilla says all the sites like Twitter and Facebook offering users to connect via secure connections needs to  simply set the Strict Transport Security HTTP Header when they serve user secure log-in page and make rest of their sites available over HTTPS.  Firefox will take care of rest, automatically fetching that site over a secure connection and any third parties from seeing the unencrypted topic.

So Twitter and Facebook sites need to add set Strict Transport Security HTTP Header to protect their users. Firefox 3.6 and Google Chrome users can use above mentioned add-ons to protect from Firesheep.