On Thu, Nov 4, 2010 at 2:04 PM, Michael Torrie <torr...@gmail.com> wrote: > So this is basically an old-style attack, such as was common before the > days of internet switches. This is made even easier by the fact that > most wirelss routers are not only shared broadcast medium (like a hub) > but also natted through a common IP address, making firesheep's use of > the session indistinguishable from the victim's. And of course you have > to use a non-encrypted wireless connection, as WPA connections don't > allow clients to see eachother's traffic. >
Exactly, very old-style attack. Firesheep just makes this attack super dead simple. It was created to popularize the problem, in order to convince website owners in the importance of SSL. As far as SSL performance goes, It's generally not a big enough performance hit to add this additional risk. /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */