User: Password:
|
|
Subscribe / Log in / New account

Gathering session cookies with Firesheep

Gathering session cookies with Firesheep

Posted Nov 11, 2010 5:43 UTC (Thu) by filteredperception (guest, #5692)
In reply to: Gathering session cookies with Firesheep by foom
Parent article: Gathering session cookies with Firesheep

> You can't get just *any* non-self-signed cert. It has to be a cert valid for the domain name the user is trying to access, signed by one of the certification authorities trusted by the browser.

duh, OK, I figured I was missing something. Hmmm... Maybe the real issue is that certs cost $$ for no good reason, and that is the central issue impeding much more widespread use of https.


(Log in to post comments)

Gathering session cookies with Firesheep

Posted Nov 13, 2010 10:31 UTC (Sat) by gerv (subscriber, #3376) [Link]

Certs don't "cost $$ for no good reason". If all you want is a Domain Verified cert, get one from StartCom for free. And if you want an EV cert, the CA has to do a load of checks (see cabforum.org for the document listing them all) and that costs money, so you should expect to pay. Any CA can sign up to issue them, with the relevant audits, so it's not a closed market and there is competition.

Gerv


Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds