

Show HW: UseSSL.org - shame list for unencrypted private info - state_machine
http://usessl.org/

======
state_machine
I was a little taken aback when I saw Firesheep running on my university's
(unencrypted) wireless network. The number of cookies/sessions being sent back
and forth, and the ease with which they could be stolen, was staggering.

SSL has been around for a while, the CPU time required is negligible compared
to the other tasks most web-apps are doing now, and for any real business, the
cost of a simple cert should be trivial. Plus, with SSL-offloading common on
platforms like NetScalers or AWS EC2, many sites could probably support SSL
without their web servers noticing.

I needed a quick (< 5 hour) project to try out Rails 3 and learn what changed,
so this seemed like a good way to cut my teeth. I apologize it's ugly --
design isn't my strength.

