Log in

No account? Create an account

Letzter Eintrag | Nächster Eintrag

i'd buy an 'S'

"Gmail username and password authentication takes place over HTTPS, but then you get a session cookie and the rest of your session takes place over unencrypted HTTP. Robert Graham’s demo at Black Hat showed that by sniffing the cookie over an open network, the Gmail session can be hijacked."

Q: Daring Fireball
This almost certainly affects livejournal.com, too. At best.

While I'm certain that most users don't care about their securi.. privacy anyway, best practice should be used, whenever possible.

I'm curious how high the cost for secure traffic nowadays is, if even Google can't seem to afford it.

From a users customers POV it seems ridiculous to have computers with horsepowers of Ferraris, cable connections with throughputs of MBits/sec but the providers of our online services can't afford to deal with our data other than naked.