Slashdot Mirror


How To Protect Against Firesheep Attacks

Monday we mentioned Firesheep, a plug-in that trivializes ID spoofing on social networks. Since then various security researchers have come out to suggest How to Protect Yourself against Firesheep Attacks (submitted by Batblue). Of course the advice is pretty obvious: Don't use free Wi-Fi, use SSL, or a VPN. It seems to me that the big sites should start by redirecting all non-SSL traffic to https automatically. If you want to be insecure, you'd have to explicitly state that you can't encrypt for some reason.

3 of 208 comments

  1. how about by Spy+Handler · · Score: 0, Offtopic

    simply not using social networks?

  2. Re:Let's just encrypt everything all the time by Bert64 · · Score: 1, Offtopic

    You can get a wildcard certificate relatively cheaply which would be valid for any subdomain of slashdot.org; StartSSL charge $50 for 2 years, for instance (and they offer normal non-wildcard certs for free).

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  3. Why would anyone expect... by OldHawk777 · · Score: 0, Offtopic

    Why would anyone expect a company to be responsible to a person, the public, a nation, a species?

    "Big sites should start by redirecting all non-ssl traffic to https automatically" you ask too much of an institution/company, consideration of right and wrong is a human idiosyncrasy.

    As if a company could ever feel guilt or remorse about trivialities. Chemical spills in India and other places (EU, US, RO, CN...) have caused mass murders, but there is seldom a trial and the penalty for the company C*O is usually less than a slap on the hand, followed by a pat on the back and a larger annual bonus.

    Expecting business and institution responsibility to a person or the public is species-hubris and silly.

    --
    Unaccountable leaders are masters, and unrepresented people are slaves. How do US and EU fare?