Free Tool Offered To Combat Firesheep Hackers

23.11.2010
If the news of Firesheep--a simple Firefox extension that allows anyone to over unprotected WiFi networks--has you worried, a free tool to protect you from Firesheep and its ilk released today by the Electronic Frontier Foundation is for you.

Many websites use HTTPS to secure their communications with their visitors. The protocol encrypts both requests from a browser to a website and the pages displayed from the site. "Without HTTPS, your online reading habits and activities are vulnerable to eavesdropping, and your accounts are vulnerable to hijacking," the organization explained in a .

The problem is that HTTPS isn't implemented consistently. A site may default to insecure HTTP, or mix HTTPS and HTTP references on the same page. EFF's tool, HTTPS Everywhere, uses carefully crafted rules to switch sites from HTTP to HTTPS.
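The rule-based switching described above, sketched as an added example (this is not EFF's code or its actual rules). The rule layout, the `example.com` hosts and the function names `upgradeUrl` and `stillInsecure` are assumptions made for illustration.

```javascript
// Constructed rules for illustration; hosts and patterns are hypothetical.
const RULESETS = [
  {
    name: "Example Social",
    targets: ["example.com", "*.example.com"],
    // Paths known to break over HTTPS are left alone rather than rewritten.
    exclusions: [/^http:\/\/legacy\.example\.com\//],
    rules: [
      { from: /^http:\/\/example\.com\//, to: "https://www.example.com/" },
      { from: /^http:\/\/([^/:@.]+)\.example\.com\//, to: "https://$1.example.com/" },
    ],
  },
];

// Match a host against a target; a leading "*." covers subdomains only.
function hostMatches(target, host) {
  if (target.startsWith("*.")) return host.endsWith(target.slice(1));
  return host === target;
}

// Return the HTTPS form of url if a rule covers it, otherwise url unchanged.
function upgradeUrl(url, rulesets = RULESETS) {
  let parsed;
  try {
    parsed = new URL(url); // normalizes case and adds the trailing "/"
  } catch {
    return url; // not an absolute URL, nothing to rewrite
  }
  if (parsed.protocol !== "http:") return url;
  for (const rs of rulesets) {
    if (!rs.targets.some((t) => hostMatches(t, parsed.hostname))) continue;
    if (rs.exclusions.some((ex) => ex.test(parsed.href))) continue;
    for (const rule of rs.rules) {
      if (rule.from.test(parsed.href)) return parsed.href.replace(rule.from, rule.to);
    }
  }
  return url;
}

// List the references that would still travel over plain HTTP after rewriting.
function stillInsecure(urls, rulesets = RULESETS) {
  return urls.filter((u) => upgradeUrl(u, rulesets).startsWith("http://"));
}
```

Running `stillInsecure` over the references on a page shows which requests no rule covers, so they would still be sent in the clear.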

Today's release of HTTPS Everywhere, which can be downloaded from the EFF's website, contains enhancements specifically designed to foil Firesheep-inspired attacks. "It will go a long way towards protecting your Facebook, Twitter, or Hotmail accounts from Firesheep hacks," asserted EFF Senior Staff Technologist Peter Eckersley. "And, like previous releases, it shields your Google searches from eavesdroppers and safeguards your payments made through PayPal."

Firesheep is so effective because many websites fail to use HTTPS, according to EFF Technology Director Chris Palmer. "Our hope is to make it easier for web applications to do the right thing by their users and keep us all safer from identity theft, security threats, viruses, and other bad things that can happen through insecure HTTP," he said. "Taking a little bit of care to protect your users is a reasonable thing for web application providers to do and is a good thing for users to demand."

Firesheep appeared at the end of last month. It was created by a who said he created the Firefox extension to demonstrate the security risks associated with session hijacking. Twenty-six online services are targeted by the software, including Amazon, Facebook, Google, Twitter, Windows Live and Yahoo.