Firesheep Firefox extension - http://codebutler.com/fireshe...
Oct 25, 2010
Amit Patel, Shakeel Mahate, Bret Taylor, Benjamin Golub, Private Sanjeev, Richard Chen, Gani Simsek, Montisland, M3rl1n0, eugenio, and Jacopod liked this
"Double-click on someone, and you're instantly logged in as them." [...] "It's extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable. On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy."
- Simon
ouch. Liking for the bump, but obviously not liking the tool.
- Private Sanjeev
the list of known sites: amazon basecamp bitly cisco cnet dropbox enom evernote facebook flickr foursquare github google gowalla hackernews harvest live nytimes pivotal sandiego_toorcon slicemanager tumblr twitter wordpress yahoo yelp... I'd expect this list to grow, ouch. Logging in from Palo Alto cafes is a high risk activity now. There are few exceptions from this list I'm aware of though: Gmail offers an https-only setting and Dropbox sets secure cookie flag.
- eugenio
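
The secure cookie flag mentioned in the last comment can be checked from a site's own response headers. The following is an added example, not part of the original thread: it lists cookies set without `Secure`, which a browser will also attach to unencrypted HTTP requests. Hostnames, cookie names and values are constructed sample data.

```python
# Added example: report cookies that a browser would also send over plain HTTP.
# All hostnames, cookie names and values below are constructed sample data.

SAMPLE_RESPONSES = {
    "login-only-tls.example": [
        ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
        # "secure" appears only inside the value, so it is not the flag.
        ("Set-Cookie", "theme=secure-dark; Path=/"),
    ],
    "flagged.example": [
        # Header and attribute names are case-insensitive.
        ("set-cookie", "session=def456; Path=/; SECURE; HttpOnly"),
        ("Set-Cookie", "prefs=1; Expires=Wed, 21 Oct 2015 07:28:00 GMT; Secure"),
    ],
}


def parse_set_cookie(value):
    """Return (cookie name, set of lowercase attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    # Attributes follow the first name=value pair; keep only their names.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def cookies_without_secure(headers):
    """Names of cookies in a header list that lack the Secure attribute."""
    missing = []
    for header, value in headers:
        if header.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if "secure" not in attrs:
            missing.append(name)
    return missing


def audit(responses):
    """Map each host to the cookies it sets without Secure."""
    return {host: cookies_without_secure(h) for host, h in responses.items()}


if __name__ == "__main__":
    for host, names in audit(SAMPLE_RESPONSES).items():
        print(host, "->", names or "all cookies carry Secure")
```
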