Final answer:
Session hijacking refers to an unauthorized control of a user's web session, commonly to access sensitive data. Firesheep was released to expose the security risks of websites not using HTTPS, pressuring for better security practices.
Step-by-step explanation:
Session hijacking is a form of cyberattack where a hacker takes control of a user session after successfully obtaining or generating an authentication session ID. This is often done to steal sensitive information or gain unauthorized access to restricted systems. Hackers employ various techniques to accomplish this, such as sniffing for unencrypted sessions on a network, predicting session token generation, or exploiting cross-site scripting flaws. One of the tools made infamous for facilitating this was Firesheep, a Firefox extension that allowed even average users to hijack sessions on unsecured networks.
The author of Firesheep, Eric Butler, justified the release of the extension as a way to highlight the security flaws of websites that do not use HTTPS encryption for their entire session. He wanted to demonstrate the ease with which sessions could be hijacked over open Wi-Fi networks, thereby prompting both website owners and users to prioritize security and push for the widespread implementation of HTTPS to protect online sessions.