At the Microsoft TechDays 2012 in Belgium, white hat Paula Januszkiewicz shows how the tool Fiddler can be used to intercept the password of a LinkedIn user. The reason is because the password is not being encrypted by LinkedIn, although https is being used.
Not that wow imho, as it’s basically a man in the middle attack using a self-signed (thus forged) certificate (on which the browser will give you a notification). Quite sure lots of sites are “hackable” in this manner.
good old fiddler, use it almost every week 🙂
Leave a comment