[chapel]

A better solution would be for those sites targeted by FireSheep to force encrypted connections to login.

Also a simple fix for open networks is to enable WPA encryption with a simple password and give it to everyone that wants to use the network. It works the same to the end user (just one extra step) but at the same time protects them from unwanted snooping.

On a side note, all those coffee shops that don't like people solely using their networks and monopolizing tables, this news could push people to use unsecured networks less.

[die_sekte]

Actually, just encrypting the login is not enough. FireSheep steals session keys, not passwords. Everything that needs to have the session key needs to be served over SSL.

[chapel]

That's what I meant, but obviously didn't explain it correctly. Thanks for the correction.