It's eye-opening, neh?
There's tons of tools for doing this, too, which have been around,
well, decades.
That Cain and Able deal is years and years old. I remember running
L0phtCrack stuff ages ago, and being all like, "wow".
It's part of the reason why I'm pretty sure that we are not nearly a
running firesheep on my local laptop on my wifi, wpa-tkip protected, i
fired up firesheep.
i then visited a website that had a google calendar on it.
immediately in firesheep is the
login icon for a colleague's google account. gmail, everything.
uh... this is completely not good, on entirely too
