On Mon, Oct 25, 2010 at 1:15 PM, Hay (Husky) <huskyr@gmail.com> wrote:
> A new Firefox plugin that makes it trivially easy to hijack cookies from a website that's using HTTP for login over an unencrypted wireless network.
It doesn't hijack login, it hijacks cookies, so we're only protected if we serve all pages over HTTPS. The major problem with this is that it's hard to serve different domains over HTTPS from the same server, because the server has to present the certificate before the client says what domain it's trying to log into. We could probably work around this somehow, e.g., have a different IP address for different second-level domains (which represent different virtual IP addresses of the same server) and then have a wildcard domain certificate for each second-level domain. In principle there are also spiffier ways to do it, like SNI or maybe subjectAltName:
http://en.wikipedia.org/wiki/Server_Name_Indication
But those might not be reliably usable yet.
Anyway, this is all doable in principle, yes. It will probably impose no significant processing overhead; CPUs are powerful enough today that TLS shouldn't be a big deal. (I recall hearing that Google noticed no increase in CPU usage after enabling TLS by default for Gmail.) But it's not necessarily trivial to set up. My impression is that the ops have "get proper TLS working" somewhere fairly low on their priority list.