It’s been a whole year since Firesheep was released. One year old and more than 1.9 million downloads of the Firefox plugin that allows an attacker to take over improperly secured accounts when accessed from a Wi-Fi hotspot.
The solution to the problem is website operators need to secure everything in the session starting from the login. Some big websites have done so — such as bitly, Dropbox, GitHub, Gmail and Windows Live — where SSL is on by default.
Facebook has made incremental improvements by giving the users a choice to enable SSL for their account and by transitioning apps to SSL. Google will soon be securing searches, since the Google web history has been shown to be vulnerable to Firesheep.
Other sites are slowly making improvements, but not at the pace expected given the 1.9 million Firesheep downloads.