"Firesheep Highlights Web Privacy Problem" - Wall Street Journal "Digits" Blog "The Message of Firesheep: "Baaaad Websites, Implement Sitewide HTTPS Now!"" - EFF Deeplinks BLog "Firesheep Exposes Need For Encryption" - InformationWeek
Best: Site-wide HTTPS Secure cookies HSTS (Strict-Transport-Security) No mixed-content SSL Session resumption Design with security from the start EFF and OWASP have great guides on how to properly deploy HTTPS
Good: HTTPS for sensitive pages Secure cookies required for those pages No mixed content on secure pages ..still susceptible to determined active attackers (MiTM, SSLStrip)