In only a few short weeks, Firesheep has captured the attention and interest of hundreds of thousands of people around the world, and has spurred a lot of great discussion. This is the third in a series of posts highlighting and responding to topics I found most interesting.
A Firefox extension that demonstrates HTTP session hijacking attacks.
This whole SSL/cert business keeps getting weirder. Users have long since been past the point where they could reasonably be expected to understand it, but now even the real experts can be tricked.
A small process which will redirect the required pages to an SSL version of the page.
mitmproxy is an interactive, SSL-capable man-in-the-middle proxy for HTTP with a console interface.
Enabling HTTP Strict Transport Security on debian servers - I just enabled HTTP Strict Transport Security (HSTS) markers on a bunch of web servers that offer HTTPS. It's an easy step to take, and it means that users of HSTS-compliant browsers (such as Chromium and the upcoming Firefox 4) or browsers with HSTS-compliant extensions (like Firefox's NoScript or HTTPS-Everywhere) will no longer be vulnerable to attacks like sslstrip once they have made one successful connection to the HSTS-enabled HTTPS web site.