sidejacking

"When logging into a Web site you usually start by submitting your username and 
password. The server then checks to see if an account matching this information 
exists and if so, replies back to you with a 'cookie,' which is used by your 
browser for all subsequent requests."

Most Web sites protect your username and password with a secure HTTPS 
connection. Unfortunately, many immediately drop back into insecure HTTP once a 
visitor is signed in - and the site sends its cookie back over a now-insecure 
connection. Anybody snooping on your conversation can make a copy of the cookie 
and use it to interact with the Web site in precisely the same way you do.

David Ferrin
Most people don't know what they're doing and a lot of them are really good at 
it.

For answers to frequently asked questions about this list visit:
http://www.jaws-users.com/help/
