Monday we mentioned Firesheep, a plug-in that trivializes ID spoofing on social networks
. Since then various security researches have come out to suggest
How to Protect Yourself against Firesheep Attacks
Batblue). Of course the advice is pretty obvious: Don't use free Wi-Fi, use SSL, or a VPN. It seems to me that the big sites should start by redirecting all non-SSL traffic to https automatically. If you want to be insecure, you'd have to explicitly state that you can't
encrypt for some reason.