-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wednesday 19 January 2011, Camaleón <noela...@gmail.com> was heard to say: > Data stored in cookies is not what I understand for "sensitive". > What kind of information do you think are cookies managing?
Maybe this would be enlightening: http://codebutler.com/firesheep FTA: "It's extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable. HTTP session hijacking (sometimes called "sidejacking") is when an attacker gets a hold of a user's cookie, allowing them to do anything the user can do on a particular website. On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy." - -- Those who torment us for our own good will torment us without end, for they do so with the approval of their consciences. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEVAwUBTTcJDi9Y35yItIgBAQJmvgf/aKGqgKI6mex6ncwMBbSCKhWzqQAw99Dm K46w011tD1CGKz7p7NYhcODukChXsKp168SRGAGkD9YVGYvzFRk5r/YnMhNxEe0B wfNu+Y51BXlHz1kUwPDcJ5iri4GDhvD2A8ZJ1LQy4O35nKSsdgVsJWkSkQezIumm VYX1M/LKoexvNU7XdZZhyqbh8QEC2rDVkKXBAqI/TxpLoYGsl/LL1gxKe/Ee/DFQ t7KiSXhEICmowEaDvc9Cbx/DjwYBrNW0U00FgY8M9TMDcc1I6627lXNWuoYwTvIb rE1iKhHs2c37USgiNvasOYcy+ouYqvjT/yiK7KA+S73DLBEgMoX85w== =2GLc -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201101191053.50768.howl...@priss.com
