--
You received this message because you are subscribed to the Google Groups "i3 Detroit Public" group.
To unsubscribe from this group and stop receiving emails from it, send an email to i3detroit-public+unsubscribe@googlegroups.com.
To post to this group, send email to i3detroit-public@googlegroups.com.
Visit this group at https://groups.google.com/group/i3detroit-public.
For more options, visit https://groups.google.com/d/optout.
17 | A session which is entirely over HTTPS is fairly safe, as all requests from the browser, and pages transmitted by the server are encrypted. However, when accessed via HTTPS, many sites will only carry out the authentication step over HTTPS, and then drop back to HTTP for the rest of the session. So, your password itself is safe, but the session ID used by the server to identify you for that session is transmitted in the clear by your browser. This reduces the load on the webserver (because encryption/decryption is CPU-intensive) but makes the site much less secure. Gmail is safe because it uses HTTPS for the whole session, but Facebook and many other sites do not. This is how tools such as Firesheep are able to hijack users' accounts when an attacker is sharing an unencrypted wireless network. |