Hacker News
by burgerbrain 5616 days ago
Firesheep doesn't steal passwords, it grabs cookies used for authentication. The distinction is important because with Firesheep, simply putting your login page on https isn't sufficient.

Stealing passwords is of course also trivial, but to do that you need to force a situation where the user has to actually log in again (see Moxie Marlinspike's sslstrip..., which will nail the majority of people even if the site normally does use https for everything. Really bloody effective.)