Bringing in the Sheep: the FireSheep firestorm

Nathan pluggie at gmail.com
Thu Nov 4 14:24:18 MDT 2010


The other wrinkle is that even if the developer moves the session to SSL,
they might forget to mark the cookie secure.  So when the user goes to their
old http:// bookmark they might still leak out their session cookie and
be vulnerable to session-jacking.

-nage

On Thu, Nov 4, 2010 at 2:12 PM, Merrill Oveson <moveson at gmail.com> wrote:

> Does it only involve wireless traffic?
>
> On Thu, Nov 4, 2010 at 1:09 PM, Charles Curley
> <charlescurley at charlescurley.com> wrote:
> > I haven't seen any discussion of FireSheep here.
> >
> >
> > http://www.charlescurley.com/blog/archives/2010/11/04/bringing_in_the_sheep/index.html
> >
> > --
> >
> > Charles Curley                  /"\    ASCII Ribbon Campaign
> > Looking for fine software       \ /    Respect for open standards
> > and/or writing?                  X     No HTML/RTF in email
> > http://www.charlescurley.com    / \    No M$ Word docs in email
> >
> > Key fingerprint = CE5C 6645 A45A 64E4 94C0  809C FFF6 4C48 4ECD DFDB
> >
> > /*
> > PLUG: http://plug.org, #utah on irc.freenode.net
> > Unsubscribe: http://plug.org/mailman/options/plug
> > Don't fear the penguin.
> > */
> >
>
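
A check for the gap described in the reply at the top of this thread, as an added example that is not part of the original messages: given the Set-Cookie headers an HTTPS response returns, it lists the cookies that lack the Secure attribute and would therefore also be attached to a request for an old http:// bookmark. The cookie names and values are constructed sample data, and the function names are this example's own.

```python
# Added example: audit Set-Cookie headers from an HTTPS response for cookies
# that lack the Secure attribute and so would also be sent over http://.

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attrs)."""
    parts = [p.strip() for p in header.split(";")]
    # The first segment is name=value; the value itself may contain '='.
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing ';'
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive; flags such as Secure have no value.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def cookies_sent_over_http(set_cookie_headers):
    """Return the names of cookies a browser would attach to a plain http:// request."""
    leaked = []
    for header in set_cookie_headers:
        name, _value, attrs = parse_set_cookie(header)
        if name and "secure" not in attrs:
            leaked.append(name)
    return leaked


# Constructed sample: headers as a login response served over HTTPS might send them.
SAMPLE_HEADERS = [
    "sessionid=constructed-session-id; Path=/; HttpOnly",   # Secure missing
    "auth=constructed-token==; Path=/; Secure; HttpOnly",   # correctly marked
    "theme=dark; Path=/; Max-Age=31536000",                 # Secure missing
    "csrf=constructed; Path=/; SECURE;",                    # upper case, trailing ';'
]

if __name__ == "__main__":
    for cookie_name in cookies_sent_over_http(SAMPLE_HEADERS):
        print(f"{cookie_name}: no Secure attribute, also sent on http:// requests")
```

Any session-bearing cookie in the returned list needs the Secure attribute set where the application issues it.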

