A new Firefox addon known as Firesheep can allow someone snooping a public WiFi spot to steal many social networking connections of the other WiFi users. The addon relies on an unfortunate practice used by many websites to switch to insecure methods to transport the data content after the secure username/password authentication. Combine this vulnerability with the ability to see other computers’ traffic in a shared media environment (such as WiFi), and you can “sidejack” any web session that relies on the authenticated user’s cookie.
Personal blogs are vulnerable to this due to the general lack of SSL support on hosted sites, but even major players such as Facebook are also vulnerable, despite investing in their own infrastructure. Despite some long-standing misconceptions, enabling SSL doesn’t require that much additional infrastructure, but it does have an up-front administrative component which cannot be glossed over.
WordPress users may find the WPMu post on the topic useful, assuming they already have a SSL certificate installed. Else, they’ll need to work with their ISP to install a cert.