According to Seattle-based software developer Eric Butler, if you sign into some of the Web's most popular sites through unsecured Wi-Fi networks (such as those available at airports and coffee shops), hackers could easily spy on you and steal your password information.
To show Internet users and websites the severity of this privacy hole, Butler created a free Firefox Web browser extension that, once downloaded, lets users hijack others' user information themselves.
Called Firesheep, the program lets users see who is connecting to the Internet through an unsecured Wi-Fi network. Once someone connects to an open Wi-Fi network, the program shows the person's name and photograph.
Just double-click on someone's name and – voila! – you're instantaneously signed in as them. If a person is using Facebook over an unsecured Wi-Fi network, with Firesheep's help, you could go into their account, change their password, check out their profile, interact with their friends and more.
Butler did not immediately respond to a request for comment from ABCNews.com. But in a blog post on Firesheep, he said the program exploits a security flaw related to browser cookies.
When a user signs into a website with a username and password, the server searches for an account that matches the information. Once the server finds the matching account, it sends the user a cookie that the Web browser uses for the rest of the online session. But though the initial login is encrypted by the website, everything that follows is not, Butler said.
Over public Wi-Fi networks, hackers can easily use the unprotected cookies to spy on the connection and sniff out login information, he said.
"This is a widely known problem that has been talked about to death, yet very popular websites continue to fail at protecting their users. The only effective fix for this problem is full end-to-end encryption, known on the web as HTTPS or SSL," Butler said. "Websites have a responsibility to protect the people who depend on their services. They've been ignoring this responsibility for too long, and it's time for everyone to demand a more secure web. My hope is that Firesheep will help the users win."
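For site operators, the gap described above (an encrypted login followed by a session cookie that travels in the clear) can be checked from the login response's headers. The following is an added example, not part of the original article or of Butler's code; the function names, the host `social.example` and the sample header values are constructed for illustration.

```python
from urllib.parse import urlsplit

def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, set of lowercased attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def audit_login_response(login_url, headers):
    """Return findings for a login response given as a list of (header, value) pairs."""
    findings = []
    if urlsplit(login_url).scheme != "https":
        findings.append("login form is submitted over plain HTTP")
    seen_hsts = False
    for key, value in headers:
        key = key.lower()
        if key == "set-cookie":
            name, attrs = parse_set_cookie(value)
            # Without Secure, the browser attaches the cookie to http:// requests too,
            # which is the traffic an eavesdropper on an open network can read.
            if "secure" not in attrs:
                findings.append(f"cookie {name!r} lacks Secure: also sent over http://")
        elif key == "location" and urlsplit(value).scheme == "http":
            findings.append(f"post-login redirect drops to cleartext: {value}")
        elif key == "strict-transport-security":
            seen_hsts = True
    if not seen_hsts:
        findings.append("no Strict-Transport-Security header: later requests may use http://")
    return findings

# Constructed sample responses: encrypted login only vs. HTTPS for the whole session.
WEAK = [
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Location", "http://social.example/home"),
]
HARDENED = [
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly; Secure"),
    ("Location", "https://social.example/home"),
    ("Strict-Transport-Security", "max-age=31536000"),
]

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_login_response("https://social.example/login", hdrs))
```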
Aaron Higbee, co-founder and chief technology officer of security firm Intrepidus Group, said Firesheep highlights the risks associated with public Wi-Fi networks.
"I equate public Wi-Fi to a public restroom," he said. "You never know what you're going to catch and you only use it if you absolutely have to."
Open Wi-Fi hotspots may be convenient for on-the-go Internet users but, he said, most consumers probably don't realize that when they connect to an open Wi-Fi network that does not have encryption, they're basically broadcasting their online session to everyone within listening distance.
Hackers could eavesdrop on these connections before Firesheep, but with the new program, this kind of online spying is easier than ever for a layperson, he said.