Has anyone seen this?
http://codebutler.com/firesheep
A new Firefox plugin that makes it trivially easy to hijack cookies
from a website that's using HTTP for login over an unencrypted
wireless network. Wikipedia isn't in the standard installation as a
site (lots of other sites, such as Facebook, Twitter, etc. are). We
are using HTTP login by default, so i guess we're vulnerable as well
(please say so if we're using some other kind of defensive mechanism
i'm not aware of). Might it be a good idea to se HTTPS as the standard
login? Gmail has been doing this since april this year.
-- Hay