[kwlug-disc] Firesheep: Open WiFi cookie stealing for the masses ...

Paul Nijjar paul_nijjar at yahoo.ca
Wed Oct 27 09:43:55 EDT 2010


On Tue, Oct 26, 2010 at 07:18:03PM -0400, unsolicited wrote:
> Paul Nijjar wrote, On 10/26/2010 3:26 PM:
>
> Assuming by hotspot you mean public access - why do you feel you need to 
> do anything?

Man. If you knew the computer proficiency of our users you would
cringe. 

I may not have a legal responsibility to protect my users from script
kiddies sniffing their credentials, but I am paid the big bucks to
structure our services so that they are useful and safe. 

> - does something change here if you encrypt and put below it the really 
> easy password? [What's the difference between the two situations?] 
> (Granted, I can't sniff your session cookie easily under any form of 
> encryption, but open is open.)

That is the question I am trying to resolve. Lori offered a partial
answer. I guess I will have to dig deeper. 

I can't believe that this is not a solved problem. 

- Paul

-- 
http://pnijjar.freeshell.org 





More information about the kwlug-disc mailing list