Re: Concerns about the use and lack of use of HTTPS with ICMS |
Subject: Re: Concerns about the use and lack of use of HTTPS with ICMS by Madfish on 2010/11/12 18:06:49 This just got a bit more scary because of the release of Firesheep, an add-on for Firefox that sniffs cookies on open wireless networks. It lets you see who is logged into what on the network and hijack their session with one click, no skill required. It affects any site not using SSL (eg Facebook, Twitter etc). It also affects sites that drop back out of SSL after login has taken place (eg. Amazon, and which is how Impress works I think). There's a good Security Now podcast on Firesheep (skip to last half hour) or have a look at this blog post. Basically he's saying this will probably force all the big players to move to full time SSL. See also Aph3x's thread on setting up Impress under SSL. |