Hacker Newsnew | comments | show | ask | jobs | submit login

Not to mention that with open unencrypted WiFi any attacker can do things like this anyway.



Same problem @ court houses offing WiFi to juror's. They express that you should take advantage of access to the local free/UNENCRYPTED WiFi for "JUROR's ONLY" to access.

Thought, the network is open which is a danger within itself, the network asks you to accept an invalid security certificate(which means their MiTM everything from the get-go), and then they took the time to make your read/accept an agreement stating in bold that this is an insecure network, and that everything you do over it will be audited, and monitored(SsL-STRIPING). As a juror, you must then sign-in using your badge#.

It defeats the purpose of any of these post associated protections, if an attacker simple injected his own certificate, or java-script frame. Even creating a Honeypot-Rouge-AP using any number of wireless capable devices such as, smartphones, and mobile routers, even wristwatches &sunglasses.

Compromising a jury from an attackers stand-point would be too, sit in the cafeteria, and literally eat-cake.

:-\

-----


Maybe I am very naive, but how does unencrypted WiFi mean that anyone can do anything they like to me? Can they mess with my https, ssh or VPN connections? Can they inject content into regular HTTP pages?

-----


Have a read up on ARP spoofing/poisoning: http://en.wikipedia.org/wiki/ARP_spoofing

Receiving spam ads is the least of your worries.

-----




Applications are open for YC Winter 2016

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: