[kwlug-disc] Firesheep: Open WiFi cookie stealing for the masses ...
rarsa at yahoo.com
Wed Oct 27 20:33:24 EDT 2010
--- On Tue, 10/26/10, Lori Paniak <ldpaniak at fourpisolutions.com> wrote:
> Additional motivation for major sites to get their SSL act together
> would be boycotts of those that exchange credentials in clear text.
The way I understood it is that it is not the credentials that are captured but the identity stored in a cookie.
Many sites encrypt the login but once authenticated the rest is unencrypted.
Once you have the identity key, your browser can impersonate the session and get the access the other browser has.
For the other people that have followed this up, Am I right?
Software, Hardware and Practices
An eclectic collection of random thoughts
More information about the kwlug-disc