On 8/3/07, Tracy Pearson <[EMAIL PROTECTED]> wrote:
> http://www.reghardware.co.uk/2007/08/02/public_wifi_hack/
>
>
> Excerpt:
> "If I sniff your Gmail connection and get all your cookies and attach
> them to my Gmail, I now become you, I clone you," Graham said during a
> presentation on Thursday. "Web 2.0 is now fundamentally broken."
>

The other excerpt:

"Now we know better. Any session that isn't protected from start to
finish by SSL is vulnerable to the hack. And because session IDs
generated by most sites are valid for an indefinite period, that means
intruders could silently access our accounts for years - even if we
regularly change our passwords."

This has nothing to do with Web 2.0 (whatever that is), JavaScript,
AJAX or any of the other WebTwoOh-ish stuff. This is basic https:
secure hypertext transport protocol. If you're not using https, if you
don't see the padlock in the browser, what you are doing is not
secure.

SSL is more processor- and power-intensive than non-encrypted
sessions. Session cookie hijacking has always been a problem.

But thanks for the reminder.

-- 

Ted Roche
Ted Roche & Associates, LLC
http://www.tedroche.com
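
Added example (not part of the original post or the linked article): a small Python check that flags session cookies exposed to the sniffing discussed in this thread, meaning cookies set over plain HTTP, cookies lacking the Secure attribute, or long-lived cookies. The hosts, cookie values and the 8-hour lifetime threshold are assumptions made for illustration.

```python
# Added example: audit Set-Cookie headers for session-hijack exposure.
from dataclasses import dataclass

MAX_LIFETIME = 8 * 3600  # assumed policy: session cookies live at most 8 hours


@dataclass
class Cookie:
    name: str
    attrs: dict  # lower-cased attribute name -> value ("" for bare flags)


def parse_set_cookie(header: str) -> Cookie:
    """Split one Set-Cookie header value into its name and attributes."""
    first, *rest = [p.strip() for p in header.split(";")]
    name, _, _value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return Cookie(name.strip(), attrs)


def audit(url: str, header: str) -> list:
    """Return findings for a cookie set by the response to `url`."""
    cookie = parse_set_cookie(header)
    findings = []
    if not url.lower().startswith("https://"):
        findings.append("set over plaintext HTTP")
    if "secure" not in cookie.attrs:
        findings.append("no Secure attribute: browser will also send it over HTTP")
    try:
        if int(cookie.attrs.get("max-age", "0")) > MAX_LIFETIME:
            findings.append(f"lifetime exceeds {MAX_LIFETIME}s")
    except ValueError:
        findings.append("unparseable Max-Age")
    return findings


# Constructed sample responses (hypothetical hosts and cookie values).
SAMPLES = [
    ("http://mail.example.test/inbox", "SID=abc123; Path=/; Max-Age=63072000"),
    ("https://mail.example.test/login", "SID=abc123; Path=/"),
    ("https://mail.example.test/login", "SID=abc123; Path=/; Secure; Max-Age=3600"),
]

if __name__ == "__main__":
    for url, header in SAMPLES:
        print(url, "->", audit(url, header) or "ok")
```

A cookie's Max-Age only bounds how long the browser keeps it; the server must also expire the session ID on its side for the lifetime limit to mean anything.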


_______________________________________________
Post Messages to: [email protected]
Subscription Maintenance: http://leafe.com/mailman/listinfo/profox
OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: http://leafe.com/archives/byMID/profox/[EMAIL PROTECTED]