Originally Posted by tlrobinson
I actually don't think anything
(besides the login process) is encrypted. You were probably looking at the gzipped responses and thought it was encryption (I did the same thing at first too)
You're right.... My initial sniffs were done with a quick run of tcpdump captured to a file and doing a quick search for obvious clear strings, but upon further closer inspection, I saw the gzip headers.
Further investigation through a real packet sniffer with proper decodes (Ethereal in this case) showed up the plain clear text on-the-wire, which was not entirely surprising (since as I said, many assumptions were made in this article without the benefits of an actual packet trace).