StarDestroyer.Net BBS

Pu-239 wrote:

Uraniun235 wrote:It doesn't work. Navigate around the Facebook website and it just tosses you back to plain HTTP.

Your username/password will still be encrypted at least. Hm, actually, looking at the source, it's encrypted even via the normal HTTP link, although that's vulnerable to MITM.

Firesheep isn't about capturing passwords though, it's capturing the session cookies instead. Yeah, if you're logging in, it's handy to protect your password - but on an open network someone could come in after you've logged in to Facebook, and still get access to your FB account.