[kwlug-disc] More on Firesheep and encrypted wifi
Rashkae
rashkae at tigershaunt.com
Thu Nov 11 18:43:19 EST 2010
On 10-11-11 05:30 PM, L.D. Paniak wrote:
> Here is a short blurb on why having WPA/2-PSK turned on on your wifi
> doesn't help solve the problem of people stealing your cookies.
>
> http://www.boingboing.net/2010/11/10/password-doesnt-shea.html
>
> I find it odd that WPA-PSK does not negotiate per-user keys in a more
> secure way. It is so close to having complete credential isolation not
> only from people outside the network, but inside as well.
>
> Looks like the only options are VPN back to a trusted network or only do
> business with sites that care enough about your credentials to use SSL
> for the whole transaction.
>
>
It's easy to place blame on the social sites for not providing better
protection through https, but I think the entire Internet industry
should take a bow of shame for not having bolted a STARTSSL protocol to
http a decade ago. It boggles the mind that any web traffic is left
unencrypted, when this would have been an easy thing to implement across
the board. </rant>
More information about the kwlug-disc
mailing list