Re: Let's talk about HTTPS Everywhere



On Wednesday 19 January 2011, Camaleón <noelamac@gmail.com> was heard 
to say:
> Data stored in cookies is not what I understand for "sensitive".
> What kind of information do you think are cookies managing?

Maybe this would be enlightening:

http://codebutler.com/firesheep

FTA:
"It's extremely common for websites to protect your password by 
encrypting the initial login, but surprisingly uncommon for websites 
to encrypt everything else. This leaves the cookie (and the user) 
vulnerable. HTTP session hijacking (sometimes called "sidejacking") 
is when an attacker gets a hold of a user's cookie, allowing them to 
do anything the user can do on a particular website. On an open 
wireless network, cookies are basically shouted through the air, 
making these attacks extremely easy."

- -- 
Those who torment us for our own good will torment us without end,
for they do so with the approval of their consciences.
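
The gap the quoted article describes (login over HTTPS, later pages over plain HTTP) can be checked from the defender's side by looking at which cookies lack the `Secure` attribute. The following is an added example, not part of the original message or the linked article; the host `shop.example`, the cookie names and the sample headers are constructed, and it assumes every URL is on the same host with `Path=/`.

```python
from urllib.parse import urlsplit


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attributes)."""
    first, *rest = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def exposed_cookies(set_cookie_headers, later_urls):
    """Map each plain-HTTP URL to the cookies a browser would attach to it.

    A cookie without the Secure attribute is sent on http:// requests too,
    so anyone able to read the traffic sees it. HttpOnly does not help here:
    it only hides the cookie from page scripts, not from the network.
    """
    cookies = [parse_set_cookie(h) for h in set_cookie_headers]
    exposed = {}
    for url in later_urls:
        if urlsplit(url).scheme != "http":
            continue  # on https:// the Cookie header travels inside TLS
        names = [name for name, _, attrs in cookies if "secure" not in attrs]
        if names:
            exposed[url] = names
    return exposed


# Constructed sample: headers returned by an HTTPS login, then pages visited.
LOGIN_RESPONSE = [
    "session=8f2c1e; Path=/; HttpOnly",
    "csrf=77aa; Path=/; Secure; HttpOnly",
]
PAGES = [
    "https://shop.example/login",
    "http://shop.example/account",
    "http://shop.example/img/logo.png",
]

if __name__ == "__main__":
    for url, names in exposed_cookies(LOGIN_RESPONSE, PAGES).items():
        print(url, "->", names)
```

Even the request for a static image over HTTP carries the session cookie, which is why setting `Secure` on the session cookie and serving the whole site over HTTPS go together.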

