[kwlug-disc] More on Firesheep and encrypted wifi

Rashkae rashkae at tigershaunt.com
Thu Nov 11 18:43:19 EST 2010

On 10-11-11 05:30 PM, L.D. Paniak wrote:
> Here is a short blurb on why having WPA/2-PSK turned on on your wifi
> doesn't help solve the problem of people stealing your cookies.
> http://www.boingboing.net/2010/11/10/password-doesnt-shea.html
> I find it odd that WPA-PSK does not negotiate per-user keys in a more
> secure way.  It is so close to having complete credential isolation not
> only from people outside the network, but inside as well.
> Looks like the only options are VPN back to a trusted network or only do
> business with sites that care enough about your credentials to use SSL
> for the whole transaction.

It's easy to place blame on the social sites for not providing better 
protection through https, but I think the entire Internet industry 
should take a bow of shame for not having bolted a STARTSSL protocol to 
http a decade ago.  It boggles the mind that any web traffic is left 
unencrypted, when this would have been an easy thing to implement across 
the board. </rant>

More information about the kwlug-disc mailing list