On Wed, 19 Jan 2011 17:50:58 +0000 (UTC) Camaleón <noela...@gmail.com> wrote:
> On Wed, 19 Jan 2011 18:07:36 +0100, tv.deb...@googlemail.com wrote:
...
> > It is not only the data enclosed inside the cookie which are at risk
> > here, but the entire session on the website you are logged in. Say you
> > log into your "friendface" account, and someone near you catches your
> > unencrypted session cookie, then he is YOU on YOUR "friendface"
> > account...
>
> That sounds like bad programming or a buggy site. There are methods to
> prevent such attacks on the server side that involve no encrypted
> sessions, but sometimes it is easier (and cheaper) for companies to rely
> on completely encrypted sessions and not implement other
> countermeasures.

I'm curious - how can one completely guard against a MITM attack without
using encryption?

Celejar
--
foffl.sourceforge.net - Feeds OFFLine, an offline RSS/Atom aggregator
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator