MobileRead Forums - View Single Post

Mithent · 11-12-2010, 04:20 AM

It's possible that the Kindle does not use cookies for access to the store, because it's not accessed through the web browser and may therefore use some other method of authentication which Firesheep does not intercept. However, even if it transmits another unique ID that Firesheep can't currently capture, it would be possible to intercept that on an unsecured network if it's transmitted in the clear/unencrypted. There's nothing particularly novel or special about Firesheep - packet sniffing isn't some new exploit, it's unavoidable with an unencrypted connection. It's just a packaged-up tool to use packet sniffing to specifically steal cookies.

Hopefully the Kindle encrypts all its ID/login-related communication with Amazon; if that's the case then none of this would be a concern.

11-12-2010, 04:20 AM	#4
Mithent Junior Member Posts: 4 Karma: 10 Join Date: Nov 2010 Device: Kindle 3 WiFi+3G	It's possible that the Kindle does not use cookies for access to the store, because it's not accessed through the web browser and may therefore use some other method of authentication which Firesheep does not intercept. However, even if it transmits another unique ID that Firesheep can't currently capture, it would be possible to intercept that on an unsecured network if it's transmitted in the clear/unencrypted. There's nothing particularly novel or special about Firesheep - packet sniffing isn't some new exploit, it's unavoidable with an unencrypted connection. It's just a packaged-up tool to use packet sniffing to specifically steal cookies. Hopefully the Kindle encrypts all its ID/login-related communication with Amazon; if that's the case then none of this would be a concern.