At the September meeting, Shawn mentioned that one thing he took away from Defcon was that no matter how paranoid you are about security, you aren't paranoid enough. One thing that was brought up specifically was the hijacking of all of the network traffic at the con'.
I had said that if you were using https, you really did not have much to worry about... turns out I was wrong! Apparently, in that scenario, it is possible (and not really that difficult, if you think about it) to still hijack cookies that are used in an https session:

http://fscked.org/blog/fully-automated-active-https-cookie-hijacking

To (mis)quote Scarface: First you get the cookie, then you get the session, then you get the money.

Scary.

-Mark C.

_______________________________________________
clug-talk mailing list
http://clug.ca/mailman/listinfo/clug-talk_clug.ca
Mailing List Guidelines (http://clug.ca/ml_guidelines.php)

