The new FireSheep Firefox plugin is reportedly capable of letting another user see and change your eNom account if you are logged into an unsecured wifi hotspot. If you log on to eNom while they are running this plugin, they are also logged in. They can push your domains to their account, change your password, disable security settings, and wreak all kinds of havoc. The creator of the plugin is reportedly targeting GoDaddy next.
Many websites, like eNom, use SSL for their login process. Once you are logged in, however, they send you a cookie with your account settings in an insecure manner. Hackers have always been able to read this cookie, but now 300,000 other people who have downloaded the FireSheep plugin can also do this.
The fix – Don’t log into unsecured wifi hotspots. Steve Gibson, a well-known PC security analyst, is on record recommending that Starbucks secure all of their hotspots and just require people to log in with the password “Starbucks.” That’s all it would take. The destination website itself, such as eNom, should also stop sending an unsecured cookie. Like banks, they could simply encrypt everything. That is the best fix – and all domain registrars need to set up full https encryption across their sites as soon as possible.
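For site operators, the server-side fix can be checked from the response headers. The following is an added example, not code from eNom or any registrar: it audits the headers of an HTTPS response for session cookies that would still travel over plain HTTP. The header values, the cookie name "session" and the function names are constructed for illustration.

```python
# Added example: audit response headers for the unsecured-cookie flaw described above.
# All header values below are constructed sample data.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes dict)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_response(headers):
    """Return findings for (header-name, value) pairs taken from an HTTPS response."""
    findings = []
    names = [h.lower() for h, _ in headers]
    # Without HSTS the browser may still issue plain-HTTP requests to the site.
    if "strict-transport-security" not in names:
        findings.append("no Strict-Transport-Security header")
    for h, v in headers:
        if h.lower() != "set-cookie":
            continue
        cookie, _, attrs = parse_set_cookie(v)
        # Without Secure, the cookie is attached to unencrypted requests
        # and is readable by anyone on the same open wifi network.
        if "secure" not in attrs:
            findings.append(f"{cookie}: missing Secure attribute")
        # Without HttpOnly, page scripts can read the cookie.
        if "httponly" not in attrs:
            findings.append(f"{cookie}: missing HttpOnly attribute")
    return findings


# Constructed: login succeeded over SSL, but the session cookie has no protection.
WEAK = [("Set-Cookie", "session=abc123; Path=/")]
# Constructed: the corrected response.
HARDENED = [
    ("Strict-Transport-Security", "max-age=31536000"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly"),
]

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_response(hdrs) or "ok")
```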