So they have to actually be watching for that connection, pretty much in control of your computer or server or an entire network really, so no sniffing these out... making this really fucking hard. Then they still have to guess what some keys are.., it doesn't decrypt everything.. and it takes 30 mins to do one cookie - and they still have to guess at some data and the next transaction the encrypt changes?
While this needs to get fixed.... it's a rather weak hack.
|