Do you type passwords into web pages? Let me introduce you to your worst nightmare: sslstrip. The author of this program realized that most people don’t type in the https prefix, and don’t look closely for padlock icons. sslstrip takes advantage of this, and transparently hijacks HTTP traffic, replacing all HTTPS links and redirects with look-alikes. Read the full article to understand how this tool takes advantage of a design flaw in the world wide web.