
Here’s Why Public Wifi Is a Public Health Hazard - BerislavLopac
https://medium.com/matter/heres-why-public-wifi-is-a-public-health-hazard-dd5b8dcb55e6#.l0znwgqji
======
Cpoll
> He asks me to go to Live.com (the Microsoft email site) and enter a random
> username and password. A few seconds later, the information I just typed
> appears on his screen. “Now I have the login details of your email account,”
> Slotboom says. “The first thing I would do is change the password of your
> account and indicate to other services you use that I have forgotten my
> password.

What's happening here? The author's browser would report that the connection
is un-certified, and that would be a red flag if the author had checked, no?

Would there be any demand for a service that checks if a website _should_ have
a valid cert? Would it make sense to have this built into the browser?

~~~
throwastone
The author goes on to describe DNS spoofing in the following paragraph.
Perhaps this was used for the live.com attack. He even says, "Within 20
minutes he’s obtained the login details, including passwords for my Live.com,
SNS Bank, Facebook, and DigiD accounts."

~~~
Piskvorrr
Even with spoofed DNS, the HTTPS certificates would not match (J. Random
Hacker is unlikely to lug around a compromised, trusted root CA certificate,
much less show it off to a passerby).

