Researchers extend Firesheep to exploit Google Search data leak

A pair of security researchers have created their own version of the notorious Firesheep plugin to expose a data leak in the world's favourite search engine.

The proof-of-concept plugin exploits the use of unencrypted cookies by Google's Web History feature.

Although you need to be logged in to make use of Web History it does not require an encrypted (HTTPS) connection. This flaw can allow attackers to find out what you've been searching for, who your social contacts are and who's in your Gmail address book. The new variant of Firesheep allows hackers to easily exploit the flaw if they are sharing the same WiFi hotspot as you.