Hacker News new | comments | show | ask | jobs | submit login

Same problem @ court houses offing WiFi to juror's. They express that you should take advantage of access to the local free/UNENCRYPTED WiFi for "JUROR's ONLY" to access.

Thought, the network is open which is a danger within itself, the network asks you to accept an invalid security certificate(which means their MiTM everything from the get-go), and then they took the time to make your read/accept an agreement stating in bold that this is an insecure network, and that everything you do over it will be audited, and monitored(SsL-STRIPING). As a juror, you must then sign-in using your badge#.

It defeats the purpose of any of these post associated protections, if an attacker simple injected his own certificate, or java-script frame. Even creating a Honeypot-Rouge-AP using any number of wireless capable devices such as, smartphones, and mobile routers, even wristwatches &sunglasses.

Compromising a jury from an attackers stand-point would be too, sit in the cafeteria, and literally eat-cake.


Maybe I am very naive, but how does unencrypted WiFi mean that anyone can do anything they like to me? Can they mess with my https, ssh or VPN connections? Can they inject content into regular HTTP pages?


Have a read up on ARP spoofing/poisoning: http://en.wikipedia.org/wiki/ARP_spoofing

Receiving spam ads is the least of your worries.


Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact