Firesheep and cafe wifi. Doing logons via http results in sending your session cookie over the air, where it is easy to snag and clone. However, it wasn't until firesheep was published and made it drop dead easy for any idiot to easily hijack traffic that Google and Facebook finally moved to requireing SSL for authenticated sessions.
More accurately, it was when hundreds of people received email/notices from themselves pointing out that they were broadcasting their logon info. Both services initially blamed firesheep for their lack of protection for end users[cause multi billion dollar companies can't afford the extra system processing of ssl servers]. As the old saying goes, doors and locks on houses keep honest people honest... sure, the big glass window on the first floor is easy to smash and break into...but 90% of people who might steal from a house if they find the door unlocked, won't dream of breaking that window. On Thu, Sep 15, 2011 at 8:32 AM, Joseph Apuzzo <[email protected]> wrote: > A friend of mind turned me on to https://www.google.com aka to have an > encrypted conversation with Google. > I've been using it, since I like as much crypt-o traffic on the net as > possible. > > But why? Anyone have any intelligent toughs on the subject, I would like to > hear your take on the service and what it's good for. > > -- > /** > ** Joe Apuzzo > ** Call Sign: KD2AKU > ** PGP/GPG: pub key ID BB5C7 > **/ > > > _______________________________________________ > Mid-Hudson Valley Linux Users Group http://mhvlug.org > http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug > > Upcoming Meetings (6pm - 8pm) MHVLS Auditorium > Oct 5 - Distributed Authentication Systems > Nov 2 - Nov 2011 > Dec 7 - Chef > >
_______________________________________________ Mid-Hudson Valley Linux Users Group http://mhvlug.org http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug Upcoming Meetings (6pm - 8pm) MHVLS Auditorium Oct 5 - Distributed & Centralized Authentication Systems Nov 2 - POV-Ray and The Relativity Train Dec 7 - Chef
