The other wrinkle is that even if the developer moves the session to SSL, they might forget to mark the cookie secure. So when the user goes to their old http:// bookmark they might still leak out their session cookie and be vulnerable to session-jacking.
-nage

On Thu, Nov 4, 2010 at 2:12 PM, Merrill Oveson <move...@gmail.com> wrote:
> Does it only involve wireless traffic?
>
> On Thu, Nov 4, 2010 at 1:09 PM, Charles Curley
> <charlescur...@charlescurley.com> wrote:
> > I haven't seen any discussion of FireSheep here.
> >
> > http://www.charlescurley.com/blog/archives/2010/11/04/bringing_in_the_sheep/index.html
> >
> > --
> >
> > Charles Curley                  /"\    ASCII Ribbon Campaign
> > Looking for fine software       \ /    Respect for open standards
> > and/or writing?                  X     No HTML/RTF in email
> > http://www.charlescurley.com    / \    No M$ Word docs in email
> >
> > Key fingerprint = CE5C 6645 A45A 64E4 94C0 809C FFF6 4C48 4ECD DFDB
> >
> > /*
> > PLUG: http://plug.org, #utah on irc.freenode.net
> > Unsubscribe: http://plug.org/mailman/options/plug
> > Don't fear the penguin.
> > */
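The missing-Secure-flag case described in the reply above, as an added example that is not part of the original message: it parses Set-Cookie headers and models which cookies a browser would attach to an https:// versus an http:// request. The cookie names, values and the host `app.example` are constructed for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed Set-Cookie headers, as an HTTPS login response might send them.
SAMPLE_HEADERS = [
    "sessionid=abc123; Path=/; HttpOnly",   # session moved to SSL, Secure forgotten
    "csrftoken=def456; Path=/; Secure",
    "prefs=dark; Path=/",
]

def parse_cookies(headers):
    """Return {name: morsel} for every cookie in the Set-Cookie headers."""
    jar = {}
    for header in headers:
        parsed = SimpleCookie()
        parsed.load(header)
        jar.update(parsed.items())
    return jar

def cookies_sent(url, jar):
    """Names of cookies a browser would attach to a request for url.

    Only the Secure attribute and the Path prefix are modelled; domain
    matching and expiry are left out to keep the focus on the scheme.
    """
    parts = urlsplit(url)
    path = parts.path or "/"
    sent = []
    for name, morsel in jar.items():
        if morsel["secure"] and parts.scheme != "https":
            continue  # Secure cookies never travel over plaintext HTTP
        if path.startswith(morsel["path"] or "/"):
            sent.append(name)
    return sorted(sent)

def audit(headers, sensitive=("sessionid",)):
    """Sensitive cookie names that lack Secure and so go out on http://."""
    jar = parse_cookies(headers)
    return sorted(n for n in sensitive if n in jar and not jar[n]["secure"])

if __name__ == "__main__":
    jar = parse_cookies(SAMPLE_HEADERS)
    print("https:", cookies_sent("https://app.example/account", jar))
    print("http: ", cookies_sent("http://app.example/account", jar))
    print("missing Secure:", audit(SAMPLE_HEADERS))
```

Run `audit` over the Set-Cookie headers captured from a login response; any session cookie it returns will be sent in cleartext when the user follows an old http:// bookmark.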