From what I've read of FireShepard, it's a really bad countermeasure. Basically as described it's doing a DoS attack on people using FireSheep, probably triggered by a coding error that could be fixed.
Two big problems
1) What if the DoS affects other parts of the infrastructure like the Wireless Access Point? Can't imagine hotspot owners will be too happy if people start doing this all the time.
2) False sense of security. Using FireShepard is unlikely to stop other means of getting access to the data (e.g., kismet); it only stops FireSheep (for now).
This is a naive question, but what would prevent Google from buying one of the trusted CAs (or fast tracking their own service into most browsers) and knocking the bottom out of the cert market with a free and easy SSL solution?
It doesn't make much business sense, but it fits in with some of Google's more philanthropic initiatives for a healthier net.
As I understand it, certificates are not the only problem. SSL requires significantly more overhead on the server as well, which is why it is commonly used just for logins.
The overhead of running your webserver itself off SSL isn't that huge a deal. But it usually means you also need to load all images and static assets off an HTTPS server, which makes things a bit more complicated than just throwing them on a cheap CDN. And, of course, using HTTPS means you skip any caching proxies that are between you and the user.
The bottom line is that with keep-alive connections, the overhead should be less of a problem, since the only expensive part is the initial RSA key generation.
A better solution would be for those sites targeted by FireSheep to force encrypted connections to login.
Also, a simple fix for open networks is to enable WPA encryption with a simple password and give it to everyone that wants to use the network. It works the same to the end user (just one extra step) but at the same time protects them from unwanted snooping.
On a side note, all those coffee shops that don't like people solely using their networks and monopolizing tables, this news could push people to use unsecured networks less.
Actually, just encrypting the login is not enough. FireSheep steals session keys, not passwords. Everything that needs to have the session key needs to be served over SSL.
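To illustrate the comment above with an added example (not code from the thread): the sketch below models which page loads would carry a session cookie in cleartext when only the login is served over HTTPS, and how the `Secure` cookie attribute changes that. The host `social.example`, the cookie name `sid` and its value are constructed, and all URLs are assumed to match the cookie's domain and path.

```python
from urllib.parse import urlsplit


def parse_set_cookie(header_value):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    first, *rest = [part.strip() for part in header_value.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, value, attrs


def cleartext_exposures(set_cookie_headers, request_urls):
    """Return (cookie name, url) pairs where a browser would attach the
    cookie to a plain-HTTP request, readable by anyone on the same network."""
    cookies = [parse_set_cookie(h) for h in set_cookie_headers]
    exposed = []
    for url in request_urls:
        if urlsplit(url).scheme != "http":
            continue  # HTTPS requests are encrypted on the wire
        for name, _value, attrs in cookies:
            # Without the Secure attribute the cookie is sent on HTTP as well.
            if "secure" not in attrs:
                exposed.append((name, url))
    return exposed


# Constructed sample: cookie issued by an HTTPS login, with and without Secure.
LOGIN_ONLY_HTTPS = ["sid=3f9a1c; Path=/; HttpOnly"]
HARDENED = ["sid=3f9a1c; Path=/; HttpOnly; Secure"]

# Constructed sample: what the browser fetches after logging in.
PAGE_LOADS = [
    "https://social.example/login",
    "http://social.example/home",
    "http://social.example/static/logo.png",
]

if __name__ == "__main__":
    for label, headers in (("login-only HTTPS", LOGIN_ONLY_HTTPS), ("Secure cookie", HARDENED)):
        print(label, cleartext_exposures(headers, PAGE_LOADS))
```

With `Secure` set, the site must also serve every page that needs the session over HTTPS, otherwise those pages simply load without the cookie.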