LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Gathering session cookies with Firesheep

Gathering session cookies with Firesheep

Posted Nov 8, 2010 17:06 UTC (Mon) by gerv (subscriber, #3376)
In reply to: Gathering session cookies with Firesheep by ekj
Parent article: Gathering session cookies with Firesheep

I agree that Joe Public can't be trained to evaluate the danger of a changed certificate - but (and this is a big but) even if he cannot - how does that make him worse off, compared to http ?

Because if you make him used to dismissing changed-cert warnings, he'll also dismiss them when it's using CA-based HTTPS. Which makes him a lot worse off, because he'll get MITMed when accessing his bank.

Gerv

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds