At the Black Hat security conference in Washington, an independent hacker demonstrated a tool that can steal sensitive information by tricking users into believing they're visiting protected sites when in fact they're not. SSLstrip works on public Wi-Fi networks, onion-routing systems, and anywhere else a man-in-the-middle attack is practical. It converts pages that normally would be protected by the secure sockets layer protocol into their unencrypted versions. It does this while continuing to fool both the website and the user into believing the security measure is still in place.

Full Article