What is Mozilla doing? Nothing. According to them, it does not utilize any security vulnerabilities in Firefox itself. Admittedly, I'm not sure there's much they can do; the source code is out there. But still, they aren't showing any concern.
Which means it's up to us to protect ourselves.
How can you defend against this? Use wired connections as much as possible. Out and about? If you can't use a Virtual Private Network or can't rent one, you could either use MiFi, which turns a 3G or 4G connection on your own mobile device into your own Wi-Fi AP (Access Point), or INSIST on Transport Layer Security (TLS), Secure Sockets Layer (SSL), or both over HTTP (HTTPS). Given how expensive data plans are, though, if you can afford MiFi you can probably afford your own VPN anyway, and if too many people do it, it could bog down the cellular broadband, as iPhone owners know too well.
But, Peter, some of you are asking, many sites authenticate you securely, but then your regular traffic is unencrypted and can be intercepted. How can we possibly prevent this from happening? I'm glad you asked! There are at least three Firefox extensions that will force sites to keep you secure instead of dumping you to an unencrypted stream. I would personally recommend HTTPS Everywhere. Why? Because it's endorsed and hosted by those fine, upstanding folks at the Electronic Frontier Foundation. In other words, this is the real shit. Another alternative is Force TLS, an add-on hosted at Mozilla. What's that? You want something broader than that? Here ya go, NoScript. These three are the cream of the crop and will keep Firesheep users at bay.
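What "authenticates you securely, then dumps you to an unencrypted stream" looks like in a site's own responses, as an added example that is not part of the original post. The login flow, hostname and cookie value are constructed, and the function names are hypothetical; the check flags session cookies without the `Secure` attribute, HTTPS-to-HTTP redirects, and HTTPS responses that do not send `Strict-Transport-Security`.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample: a login over HTTPS that then drops the user to plain HTTP.
SAMPLE_FLOW = [
    {"url": "https://example.test/login", "status": 302,
     "headers": [("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
                 ("Location", "http://example.test/home")]},
    {"url": "http://example.test/home", "status": 200,
     "headers": [("Content-Type", "text/html")]},
]

def cookie_findings(url, value):
    """Flag a cookie that the browser will also send over unencrypted HTTP."""
    name = value.split("=", 1)[0].strip()
    attrs = {part.strip().split("=", 1)[0].lower() for part in value.split(";")[1:]}
    if "secure" not in attrs:
        return [f"{url}: cookie '{name}' lacks Secure, so it is also sent over plain HTTP"]
    return []

def audit_flow(responses):
    """Return one finding per place where the flow leaves the encrypted channel."""
    findings = []
    for resp in responses:
        url = resp["url"]
        https = urlsplit(url).scheme == "https"
        names = {key.lower() for key, _ in resp["headers"]}
        if https and "strict-transport-security" not in names:
            findings.append(f"{url}: no Strict-Transport-Security header")
        if not https:
            findings.append(f"{url}: page served over unencrypted HTTP")
        for key, value in resp["headers"]:
            if key.lower() == "set-cookie":
                findings.extend(cookie_findings(url, value))
            elif key.lower() == "location" and https:
                target = urljoin(url, value)  # resolve relative redirects
                if urlsplit(target).scheme == "http":
                    findings.append(f"{url}: redirects from HTTPS down to {target}")
    return findings

if __name__ == "__main__":
    for line in audit_flow(SAMPLE_FLOW):
        print(line)
```
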
We must look out for each other.