Facebook Admits it Can't Yet Protect Users from Firesheep

Facebook has quietly admitted it can't protect users from the Firefox add-on that makes it easy for anyone from your neighbor to the guy next to you at Starbucks to hack your Facebook account.

The acknowledgement came after Forbes.com’s Kashmir Hill asked a Facebook spokesperson why the company, barraged by media attention and user anger over the privacy breach, hadn’t switched to secure browsing or warned users about the issue.

“We have been making progress testing SSL access across Facebook and hope to provide it as an option in the coming months,” the spokesperson said. “We advise people to use caution when sending or receiving information over unsecured Wi-Fi networks.”

The Firefox add-on, dubbed “Firesheep,” was released this month by a Seattle-based software developer intent on exposing the dangers of the open Web. It brought national attention to a long-known software flaw that leaves users working on open Wi-Fi networks vulnerable to attack.

The easy-to-use app, which gives users access to your Amazon, Facebook, Twitter, Flickr and Google accounts, just to name a few, has been downloaded more than 500,000 times since its release.

One such downloader, a blogger in New York City, exposed the power and the danger of the tool by simply sitting in a downtown Starbucks for 30 minutes with his laptop open. He claims to have collected between 20 and 40 identities in that time, with most of them from Facebook.

The Facebook spokesperson told Forbes.com that users should go to the Facebook Security Page when on an open network to see if more than one IP address is signed in.

“Be careful about the information you access or send from a public wireless network,” the spokesperson added. “To be on the safe side, you may want to assume that other people can access any information you see or send over a public wireless network. Unless you can verify that a hot spot has effective security measures in place, it may be best to avoid sending or receiving sensitive information over that network.”

What do you think? Is Facebook doing enough?