Remember Firesheep? That Firefox plug in that, over unsecured wi-fi connections, could let people steal your digital identity and log on as you for Facebook, Twitter and more (and later popped up in a mobile version)? Well, it just got even more real:
A pair of security researchers have created their own version of the notorious Firesheep plugin to expose a data leak in the world's favourite search engine.
The proof-of-concept plugin exploits the use of unencrypted cookies by Google's Web History feature.
Although you need to be logged in to make use of Web History it does not require an encrypted (HTTPS) connection. This flaw can allow attackers to find out what you've been searching for, who your social contacts are and who's in your Gmail address book.
The new variant of Firesheep allows hackers to easily exploit the flaw if they are sharing the same WiFi hotspot as you.
This one doesn't get into your Google accounts, so your precious Google+ stream is safe (for now), but it highlights how insecure even the biggest sites are.
[Source: Naked Security]