[kwlug-disc] Firesheep: Open WiFi cookie stealing for the masses ...

Raul Suarez rarsa at yahoo.com
Wed Oct 27 20:33:24 EDT 2010

--- On Tue, 10/26/10, Lori Paniak <ldpaniak at fourpisolutions.com> wrote:
> Additional motivation for major sites to get their SSL act together
> would be boycotts of those that exchange credentials in clear text. 

The way I understood it is that it is not the credentials that are captured but the identity stored in a cookie.

Many sites encrypt the login but once authenticated the rest is unencrypted.

Once you have the identity key, your browser can impersonate the session and get the access the other browser has.

For the other people that have followed this up, Am I right?

Raul Suarez

Technology consultant
Software, Hardware and Practices
Twitter: rarsamx
An eclectic collection of random thoughts

More information about the kwlug-disc mailing list