
This is one of many reasons Loopt has used SSL for all[1] traffic from the very beginning. At least WiFi has fairly limited range. Cell networks[2] (and satellite internet[3]) can be sniffed miles away.

In addition to making session hijacking harder, using SSL keeps crappy proxies from caching private data. Remember when some AT&T users were getting logged in as other users on Facebook's mobile site? The cause was a mis-configured caching proxy.

Raising awareness of issues like this gets them fixed. Until a service's users demand SSL, it won't be offered. Unless the service is Loopt :) It's not a noticeable computational burden, but it does increase latency and cost money (for certs).

  1. Not images
  2. Older GSM crypto can be hacked in real time with rainbow tables now
  3. Usually not encrypted at all



Indeed, Loopt appears to be one of the few high-profile sites to have done this right. SSL for everything, and cookies that are relevant to login sessions are marked secure. This is what we need everywhere!
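An added example, not part of the thread or of Loopt's code: one way to check the property described in the comment above, that login-session cookies carry the `Secure` attribute and are only ever set over HTTPS. The cookie names, URLs and header values are constructed assumptions.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Assumption: the names that identify login-session cookies in this sample.
SESSION_COOKIE_NAMES = {"sessionid", "auth_token"}

# Constructed sample: (URL that produced the response, its Set-Cookie values).
SAMPLE_RESPONSES = [
    ("https://app.example/login",
     ["sessionid=abc123; Path=/; Secure", "theme=dark; Path=/"]),
    ("https://app.example/api/refresh", ["auth_token=def456; Path=/"]),
    ("http://app.example/home", ["sessionid=abc123; Path=/; Secure"]),
]


def audit_session_cookies(responses, session_names=SESSION_COOKIE_NAMES):
    """Return (url, cookie, problem) for session cookies exposed to cleartext."""
    findings = []
    for url, set_cookie_headers in responses:
        scheme = urlsplit(url).scheme.lower()
        for header in set_cookie_headers:
            jar = SimpleCookie()
            jar.load(header)
            for name, morsel in jar.items():
                if name.lower() not in session_names:
                    continue  # non-session cookies are out of scope here
                if scheme != "https":
                    # The response itself already carried the value in cleartext.
                    findings.append((url, name, "set over plain HTTP"))
                if not morsel["secure"]:
                    # Without Secure the browser also sends it on http:// requests.
                    findings.append((url, name, "missing Secure attribute"))
    return findings


if __name__ == "__main__":
    for finding in audit_session_cookies(SAMPLE_RESPONSES):
        print(*finding, sep=" | ")
```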


I'm proud of http://ourdoings.com/ having done this since 2004.


There are antennas[1] that let you sniff wifi from ~4 miles away. Some routers can be configured to drop clients more than N meters away, though.

[1] http://www.radiolabs.com/products/antennas/2.4gig/long-range...



