Cool Sidejacking Security Scorecard (and a MobileMe Update)
First, for our non-technical readers who want to know more about this Firesheep/sidejacking thing, check out my relatively non-geeky article over at TidBITS.
After that, George Ou put together a great sidejacking security scorecard for a double fistful of major online services. He rates each site’s risk across their various services for full hijacking and full and partial sidejacking. Needless to say, very few services fare well.
Being a Mac geek, I noticed one service not mentioned: Apple’s MobileMe. I did some poking myself, and MobileMe both uses full-session SSL for all sessions and sets a secure credential cookie so it won’t pass over basic HTTP. Also, the default for all MobileMe sync services is encrypted connections (I don’t have time to confirm with Wireshark, so I’m currently accepting other articles for that statement).
See… a reason Apple should buy Twitter ;)
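As an added example (not from the original post or from George Ou's scorecard), here is a small Python check for the cookie property described above: given the `Set-Cookie` headers a site returns, it lists the cookies that lack the `Secure` attribute and would therefore also be sent over plain HTTP. The header values, cookie names and function names are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class CookieFlags:
    name: str
    secure: bool
    httponly: bool


def parse_set_cookie(header_value):
    """Parse one Set-Cookie header value into its name and flag attributes."""
    parts = [p.strip() for p in header_value.split(";")]
    name, sep, _value = parts[0].partition("=")
    name = name.strip()
    if not sep or not name:
        raise ValueError(f"not a name=value cookie: {header_value!r}")
    # Attribute names are case-insensitive; keep only the part before '='.
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return CookieFlags(name, "secure" in attrs, "httponly" in attrs)


def exposed_over_http(set_cookie_headers, session_names=None):
    """Return names of cookies without Secure, in header order.

    session_names (optional, an assumption of this example) restricts the
    report to cookies the reviewer knows carry the login session.
    """
    exposed = []
    for value in set_cookie_headers:
        cookie = parse_set_cookie(value)
        if session_names is not None and cookie.name not in session_names:
            continue
        if not cookie.secure:
            exposed.append(cookie.name)
    return exposed


# Constructed sample headers, not captured from any real service.
SAMPLE_HEADERS = [
    "auth_token=abc123; Path=/; Secure; HttpOnly",
    "session_id=xyz789; Path=/; HttpOnly",
    "lang=en; Path=/; Expires=Wed, 01 Dec 2010 00:00:00 GMT",
    "prefs=compact; Path=/; SECURE",
]

if __name__ == "__main__":
    print("sent over plain HTTP too:", exposed_over_http(SAMPLE_HEADERS))
    print("session cookies at risk:",
          exposed_over_http(SAMPLE_HEADERS, {"auth_token", "session_id"}))
```

A cookie that is not session-bearing (such as `lang` here) appearing in the first list is expected; the second call narrows the report to the credentials that matter for sidejacking.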