[kwlug-disc] Firesheep: Open WiFi cookie stealing for the masses ...
Paul Nijjar
paul_nijjar at yahoo.ca
Wed Oct 27 09:43:55 EDT 2010
On Tue, Oct 26, 2010 at 07:18:03PM -0400, unsolicited wrote:
> Paul Nijjar wrote, On 10/26/2010 3:26 PM:
>
> Assuming by hotspot you mean public access - why do you feel you need to
> do anything?
Man. If you knew the computer proficiency of our users you would
cringe.
I may not have a legal responsibility to protect my users from script
kiddies sniffing their credentials, but I am paid the big bucks to
structure our services so that they are useful and safe.
> - does something change here if you encrypt and put below it the really
> easy password? [What's the difference between the two situations?]
> (Granted, I can't sniff your session cookie easily under any form of
> encryption, but open is open.)
That is the question I am trying to resolve. Lori offered a partial
answer. I guess I will have to dig deeper.
I can't believe that this is not a solved problem.
- Paul
--
http://pnijjar.freeshell.org
More information about the kwlug-disc
mailing list