18

Just a few days ago I had my first encounter with Firesheep. Luckily I was the one using it. Well, it scared me into looking for ways to secure myself. So I have two questions:

  • In exactly what situations do you have to worry about a Firesheep attack? Only open wireless? What about a wireless network with an encryption key known to strangers?
  • What are the possible ways to protect yourself from Firesheep and other sniffing attacks? Especially options that would be free or maybe very low cost.
Scott Pack
Ricket

8 Answers

8

BlackSheep detects Firesheep in action, and HTTPS Everywhere helps use SSL-secured versions of popular sites - both are available as Firefox Addons. In general though you should try to avoid using high-value sites from open networks - there's no panacea.

Peter Stone
  • 2
    Your first link isn't to BlackSheep; maybe you mean this: http://research.zscaler.com/2010/11/blacksheep-tool-to-detect-firesheep.html – Mohamad Alhamoud Nov 19 '10 at 19:47
6

In exactly what situations do you have to worry about a Firesheep attack? Only open wireless? What about a wireless network with an encryption key known to strangers?

WEP provides no protection.

WPA/WPA2 in PSK mode protects against Firesheep alone (and other purely passive sniffing attacks). It does not protect against many active MITM attacks from others who know the PSK, but that wasn't the scope of your question.

The real fix is SSL everywhere. That's the point of the Firesheep tool release, to force the hand of the website owners. You can personally get some protection by using a VPN or simple SSH SOCKS proxy tunneling for your browser. Or get yourself a personal hotspot on 3G or 4G. Of course there is always the risk that the end point of your proxy, VPN, or service provider is being monitored...

spinkham
5
  1. Don't use "open" (with no-password) Wifis. Prefer wifis that are WPA-PSK protected. Tell the owner of the wifi about the problem and even show them a demonstration. It's an eye-opening experience.

  2. Use HTTPS Everywhere or Force-TLS. Learn to configure them. It's not a solution for ALL sites. And please remember that Firesheep is just an automated attack for specific sites. There are other manual attacks that target any site you visit, by the same or a different way (cookie stealing or other).

  3. Tunnel all your traffic from a secure and trusted path. Secdrive.com is a new entry in the field. Also try Hotspot Shield, LogMeIn Hamachi2, OpenVPN or set up an SSH tunnel back to your home internet PC. Google and you'll find a lot of information.

  4. My favorite one. Tor. You don't even need to install it. Check out the info and video at this link. It also allows you to run it from a USB drive and have anonymous and encrypted browsing AND IM !!!! (Please consider running "HTTPS Everywhere" extension from EFF.org all the time. That way no one can sniff your traffic, even people who control your Tor exit node.)

Scott Pack
labmice
4

I use a Wimax device that implements a hotspot with a private SSID using WPA PSK that I only give to fully trusted individuals. I am thinking about switching to the Rover, which is also Wimax, but gives the owner the ability to have two SSIDs, one of which I would give to others and the other one which I would keep all to myself.

When I'm on corporate LANs or untrusted environments where I do not have a lot of control, I try to verify my default gateway's MAC address with an IT administrator or network engineer and then permanently store the MAC/IP pair in my ARP table.

atdre
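
The gateway-pinning check described in the answer above can be automated. The following is an added example, not part of the original answer: it parses Linux `ip neigh show` output and reports when the gateway's MAC differs from the pinned value, when the entry is not `PERMANENT`, or when another IP shares the gateway's MAC. The addresses and the function names `parse_neigh` and `check_gateway` are constructed for illustration.

```python
# Constructed sample of Linux `ip neigh show` output; not from a real network.
SAMPLE_NEIGH = """\
192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.23 dev wlan0 lladdr 00:11:22:33:44:55 STALE
192.168.1.40 dev wlan0 lladdr 66:77:88:99:aa:bb REACHABLE
192.168.1.77 dev wlan0  FAILED
"""


def parse_neigh(text):
    """Return [(ip, mac, state)] for neighbour entries that have a resolved MAC."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if "lladdr" not in tokens:
            continue  # INCOMPLETE / FAILED entries carry no MAC
        i = tokens.index("lladdr")
        if len(tokens) < i + 3:
            continue  # malformed line: no MAC or no state after lladdr
        # The state is the last token (flags such as "router" may precede it).
        entries.append((tokens[0], tokens[i + 1].lower(), tokens[-1]))
    return entries


def check_gateway(text, gateway_ip, pinned_mac):
    """Compare the live neighbour table with the MAC verified out of band."""
    pinned_mac = pinned_mac.lower()
    entries = parse_neigh(text)
    gateway = [e for e in entries if e[0] == gateway_ip]
    if not gateway:
        return ["gateway has no resolved ARP entry"]
    findings = []
    _, mac, state = gateway[0]
    if mac != pinned_mac:
        findings.append(f"gateway MAC is {mac}, expected {pinned_mac}")
    if state != "PERMANENT":
        # A dynamic entry can be replaced by any ARP reply seen on the LAN.
        findings.append(f"gateway entry is {state}, not PERMANENT")
    for ip, other_mac, _ in entries:
        if ip != gateway_ip and other_mac == mac:
            findings.append(f"{ip} shares the gateway's MAC {mac}")
    return findings


if __name__ == "__main__":
    for finding in check_gateway(SAMPLE_NEIGH, "192.168.1.1", "00:11:22:33:44:55"):
        print("WARNING:", finding)
```

On Linux the permanent entry itself is created with `ip neigh replace <gateway-ip> lladdr <mac> nud permanent dev <interface>`.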
3

You can check out something like SheepSafe https://github.com/nicksieger/sheepsafe which is recommended by Github https://github.com/blog/737-sidejack-prevention

SheepSafe just puts a nice face to a proxy that routes all your port 80 traffic to a server somewhere that you've connected to via ssh. This server will need to know how to handle the traffic you're sending it.

The best fix is to stay off open wireless networks (no WPA2) and if you're logging into a site make sure it is using https. If you have to be on an open wireless network/http is used by the site and feel threatened then set up a proxy.

  • 1
    I gave sheepsafe a solid try but couldn't get it working. I may try again later, as I think it's a really great idea! – Ricket Nov 19 '10 at 01:16
2

You could be attacked through Firesheep if you're on a WLAN but also if you're on a non-switched or non-routed network. Mostly common on LAN parties and in homes, a normal HUB will allow your computer to detect the traffic of other computers on the network. Thus if you're connected to a HUB other computers connected to the same HUB could potentially sniff up your connection and hijack it.

HTTPS however is encrypted, thus in order to do something similar to Firesheep you need to first crack the encryption. This is the point the developer of Firesheep is trying to make, that logins should be secured through HTTPS.

I use a Chrome extension that if it detects that a website supports https it automatically redirects to the https version: https://chrome.google.com/extensions/detail/flcpelgcagfhfoegekianiofphddckof

Morten
  • 1
    Oh no, that's not the point Firesheep is making. Facebook, Hotmail et al. do have SSL on their login pages, the problem is once you're logged in you revert back to HTTP. The login status is held in a cookie which then travels over HTTP and can be sniffed, then recreated, hijacking the session. HTTPS just on login screens is not a protection against Firesheep. – blowdart Nov 19 '10 at 23:35
  • 1
    Exactly, just as I said, the point the developer of Firesheep is trying to make is that logins should be secured through HTTPS. – Morten Nov 22 '10 at 08:51
  • Blowdart - you are partly right. Firesheep points out that often you begin on http and then go to https without reinitialising new session cookies, and even once you are using https, various apps still use http, making the entire app weak. As Morten said, the aim was to encourage app developers to use https throughout! – Rory Alsop Dec 30 '10 at 02:10
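
The session-cookie exposure discussed in the comments above can be checked from a site's response headers. The following is an added example, not code from any of the posters: it replays a constructed login flow through a minimal cookie jar and lists every cookie a browser would attach to a plain `http://` request, which is what a passive sniffer on the same network sees. The host `example.test`, the cookie names and the functions are assumptions; Path, Domain and expiry matching are left out to keep the check focused on the `Secure` flag.

```python
from urllib.parse import urlsplit

# Constructed login flow: (request URL, Set-Cookie headers in the response).
FLOW = [
    ("http://example.test/", ["visitor=v1; Path=/"]),
    ("https://example.test/login", ["session=s3cr3t; Path=/; HttpOnly"]),
    ("https://example.test/account", ["csrf=t0k; Path=/; Secure"]),
    ("http://example.test/home", []),  # site reverts to HTTP after login
]


def parse_set_cookie(header):
    """Return (name, set of lower-cased attribute names) for one Set-Cookie header."""
    first, *attrs = [part.strip() for part in header.split(";")]
    name = first.split("=", 1)[0]
    flags = {attr.split("=", 1)[0].lower() for attr in attrs if attr}
    return name, flags


def exposed_cookies(flow):
    """Replay the flow; return (cookie, cleartext URL, scheme it was set over)."""
    jar = {}  # (host, cookie name) -> {"secure": bool, "set_over": scheme}
    exposed = []
    for url, set_cookie_headers in flow:
        parts = urlsplit(url)
        if parts.scheme == "http":
            # Every cookie without Secure goes out unencrypted on this request.
            for (host, name), meta in jar.items():
                if host == parts.hostname and not meta["secure"]:
                    exposed.append((name, url, meta["set_over"]))
        for header in set_cookie_headers:
            name, flags = parse_set_cookie(header)
            jar[(parts.hostname, name)] = {
                "secure": "secure" in flags,
                "set_over": parts.scheme,
            }
    return exposed


if __name__ == "__main__":
    for name, url, set_over in exposed_cookies(FLOW):
        print(f"{name} (set over {set_over}) sent in cleartext to {url}")
```

In the sample flow the `session` cookie is issued over HTTPS with `HttpOnly`, yet it is still reported, because only the `Secure` flag keeps a cookie off HTTP requests.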
2

If you want to use open WIFI - do all your surfing via a VPN service. Something like acevpn.com.

More VPN options here: http://mashable.com/2010/10/28/firesheep-vpns/

russau
2

I was informed of FireShepherd by a user in the Firesheep Google Group ("Undefined Undefined" was his nickname); it retaliates against Firesheep users, generating and sending packets on the network which contain fake session cookies with Unicode characters. These apparently (I haven't tested it) crash or stop the Firesheep plugin.

This is, of course, not a true way to secure yourself but just a counter against Firesheep, as the page explains; but every countermeasure counts, right? :)

Ricket