Bringing in the Sheep: the FireSheep firestorm
pluggie at gmail.com
Thu Nov 4 14:24:18 MDT 2010
The other wrinkle is that even if the developer moves the session to SSL,
they might forget to mark the cookie secure. So when the user goes to their
old http:// bookmark they might still leak out their session cookie and
be vulnerable to session-jacking.
On Thu, Nov 4, 2010 at 2:12 PM, Merrill Oveson <moveson at gmail.com> wrote:
> Does it only involve wireless traffic?
> On Thu, Nov 4, 2010 at 1:09 PM, Charles Curley
> <charlescurley at charlescurley.com> wrote:
> > I haven't seen any discussion of FireSheep here.
> > --
> > Charles Curley /"\ ASCII Ribbon Campaign
> > Looking for fine software \ / Respect for open standards
> > and/or writing? X No HTML/RTF in email
> > http://www.charlescurley.com / \ No M$ Word docs in email
> > Key fingerprint = CE5C 6645 A45A 64E4 94C0 809C FFF6 4C48 4ECD DFDB
> > /*
> > PLUG: http://plug.org, #utah on irc.freenode.net
> > Unsubscribe: http://plug.org/mailman/options/plug
> > Don't fear the penguin.
> > */
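An added illustration, not part of the original thread: the sketch below models the browser rule behind the point about the Secure flag, showing which cookies set during an HTTPS login would still be attached to a request for an old http:// bookmark. The cookie names, values and the host `example.test` are constructed, and domain/path matching is deliberately left out.

```python
from urllib.parse import urlsplit

# Constructed sample: Set-Cookie headers returned by an HTTPS login response.
SAMPLE_SET_COOKIE = [
    "sessionid=abc123; Path=/; HttpOnly",      # session cookie, Secure forgotten
    "csrftoken=def456; Path=/; Secure",
    "prefs=dark; Path=/; secure; HttpOnly",    # attribute names are case-insensitive
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attrs).

    attrs maps lowercased attribute names to their values ('' for flags).
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def cookies_sent(jar, url):
    """Names of cookies a browser would attach to a request for url.

    Only the Secure rule is modelled: a cookie carrying the Secure
    attribute is sent over https and never over plain http.
    """
    scheme = urlsplit(url).scheme.lower()
    return [name for name, _, attrs in jar
            if scheme == "https" or "secure" not in attrs]


def leaked_over_http(set_cookie_headers, host="example.test"):
    """Cookies that would cross the network in cleartext on an http:// visit."""
    jar = [parse_set_cookie(h) for h in set_cookie_headers]
    return cookies_sent(jar, f"http://{host}/")


if __name__ == "__main__":
    for name in leaked_over_http(SAMPLE_SET_COOKIE):
        print(f"{name}: sent over plain HTTP, mark it Secure")
```

Marking the session cookie `Secure` in the server's Set-Cookie header removes it from the leaked list.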