Beware the Firesheep

I have long operated an open and unsecured wifi access point at home.  Why?  For anything that really requires security, such as online banking, I am relying on end-to-end encryption via SSL.  That requires being somewhat diligent to make sure your browser actually shows it has a secure connection because otherwise you are potentially subject to a MITM attack where the attacker rewrites secure to unsecure connections.  But end-to-end based on certificates provides much higher security than any of the wireless standards.

I have also not been super worried about someone sniffing my password or doing a replay attack because those still required a bit of setup and I figure that kids in the suburbs were more likely to be on Facebook than spend time hijacking my session.

Firesheep changes that by shrink-wrapping the replay attack in a browser plug-in.  Now it is entirely a question of point and click.  This is an example of where a change in degree becomes a change in type.  The attack is not 10 percent easier or faster; it is now a mass market product.

I will continue to leave my wifi network open at home and will also continue to use open wifi networks while I am on the road, but I will now do so only over a secure proxy.  Thankfully I run several servers in the cloud, so having my own up and running is straightforward.

But there may also be a business opportunity here.  People could start to run secure proxies and charge for them.  This has been attempted in the past but without much success.  The combination of Firesheep and some of the concerns over profiling might be enough.  I say might because historically convenience has trumped security and privacy for consumers.
