[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Thu, 28 Oct 2010, Jaan Janesmae wrote:
Hey, anyone still up for leaving their wifi open? http://darkreading.com/insiderthreat/security/attacks/showArticle.jhtml?articleID=227900742
Original article here: http://codebutler.com/firesheepthis has been know about for some time, only now we have pointy clicky bit of gui drool...
It's not abut leaving your own Wi-Fi network wide-open, but using open networks in general. This would just as easily apply to an old fashioned Ethernet hub/co-ax arrangement (not that you'll find them anymore!)
And it's not just cookies that are being sent in the clear, pop and imap username and passwords are mostly un-encrypted too. SIP has a form of encrypion for the username/password, so you're mostly safe using VoIP, but there are probably many other applications where passwords are transmitted in the clear.
ssl/https is an answer, but in-general, web hosts are loathe to do this as it does require additional CPU power to do the encryption/decryption - and going that for every transaction, large graphics, etc. will soon soak up resources. That and that https/ssl doesn't lend itself that well to being proxyd by the front-end load balancers/accelerators that most busy sites use these days more or less rules it out - for now.
So - on an open Wi-Fi access point (e.g. BT fon/openzone, Shoreline cafe, etc.) what you need to do is establish a VPN tunnel to somewhere secure and do the web browsing by proxy - the down-side of that is bandwidth - or lack of it. Trivial for me as I have oodles of bandwidth at my hosting location, but if you're stuck with using a server on your home ADSL, then you'll be limited to the outgoing speed of that connection...
OpenVPN endpoint on www.dcglug.org.uk... ? ;-) Gordon -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq