Gathering session cookies with Firesheep
Posted Nov 8, 2010 17:06 UTC (Mon) by gerv
In reply to: Gathering session cookies with Firesheep
Parent article: Gathering session cookies with Firesheep
I agree that Joe Public can't be trained to evaluate the danger of a changed certificate - but (and this is a big but) even if he cannot - how does that make him worse off, compared to http?
Because if you make him used to dismissing changed-cert warnings, he'll also dismiss them when it's using CA-based HTTPS. Which makes him a lot worse off, because he'll get MITMed when accessing his bank.