[Fwd: ebay sends passwords in the clear]

der.hans PLUGd@LuftHans.com
Sun, 27 Feb 2000 18:11:39 -0700 (MST)


moin, moin,

if they're putting private info into the cookies it's not safe. Those
cookies, unless set properly, also get sent for non-ssl
connections. Hence, if you check in via ssl, but then go to a non-secure
section of the web site all of the info saved in those cookies is readily
sniffable :(.

ciao,

der.hans
-- 
# +++++++++++=================================+++++++++++ #
#  der.hans@LuftHans.com                  www.excelco.com #
#             http://home.pages.de/~lufthans/             #
#   Linux sys_adm class, 29Feb - 03Mar at Viking Systems  #
#              http://www.VikingSystems.com/              #
#                 When I work, I work hard                #
#                 When I play, I play hard                #
#            When I sit, I sleep. - Embe Kugler           #
# ===========+++++++++++++++++++++++++++++++++=========== #