By installing and running firesheep, anyone can "sniff out" the unencrypted HTTP sessions currently allowing users on that network segment to access social networks, online services and other website requiring a login, and simply hijack them and impersonate the user.
Full story »