[kwlug-disc] Firesheep: Open WiFi cookie stealing for the masses ...

Raul Suarez rarsa at yahoo.com
Wed Oct 27 20:33:24 EDT 2010


--- On Tue, 10/26/10, Lori Paniak <ldpaniak at fourpisolutions.com> wrote:
> Additional motivation for major sites to get their SSL act together
> would be boycotts of those that exchange credentials in clear text. 

The way I understood it is that it is not the credentials that are captured but the identity stored in a cookie.

Many sites encrypt the login but once authenticated the rest is unencrypted.

Once you have the identity key, your browser can impersonate the session and get the access the other browser has.

For the other people that have followed this up, Am I right?

Raul Suarez

Technology consultant
Software, Hardware and Practices
_________________
Twitter: rarsamx
http://rarsa.blogspot.com/ 
An eclectic collection of random thoughts






More information about the kwlug-disc_kwlug.org mailing list