Firesheep is a Mozilla Firefox extension which was released in Autumn 2010 in order to demonstrate the insecurity inherent in social media websites which encrypt their log-in pages with SSL, but revert to HTTP as soon as the user leaves the log-in page.

Computing surveyed 140 business decision makers in order to understand how organisations view the threats posed by Firesheep and its mobile counterpart FaceNiff and how they are mitigating them. We wanted to understand if business organisations viewed these vulnerabilities as something to be concerned about or whether it was seen as something that purely affected consumers.

This paper features a detailed discussion of the survey findings and the implications of Firesheep and other session hijacking attacks for both corporate data security as well as customers and end users of websites.