NNSquad - Network Neutrality Squad

NNSquad Home Page

NNSquad Mailing List Information


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] Monitoring user logins via unsecure Wi-Fi networks

Monitoring user logins via unsecure Wi-Fi networks

http://bit.ly/cVyYrK   (Techcrunch - "An AOL Company")

The existence of the exploit ("Firesheep") described at 
http://bit.ly/d7nPNH  (Code Butler) should surprise nobody.

The browser plugin "workaround" described at the Techcrunch/AOL link
is useful as a transitional tool in the absence of integral crypto
protection, but what percentage of vulnerable users will be using it
in the long run?

Unsecured Wi-Fi is ... unsecure.  Unless end-to-end connections (wired
and wireless) are protected by strong encryption (and that does not
necessarily means SSL/TLS within the current certificate-based PKI
with all its problems) users will be increasingly vulnerable.

I'm now waiting for the privacy commissioners and other parties who
have had such a field day crucifying Google over *accidental* Wi-Fi
payload data collection to take a similar hard line against Firesheep
and the multitude of other purpose-built Wi-Fi payload monitoring tools
available for all manner of applications both fair and foul.

Lauren Weinstein (lauren@vortex.com)
Tel: +1 (818) 225-2800
Co-Founder, PFIR (People For Internet Responsibility): http://www.pfir.org
Co-Founder, NNSquad (Network Neutrality Squad): http://www.nnsquad.org
Founder, GCTIP (Global Coalition for Transparent Internet Performance): 
Founder, PRIVACY Forum: http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Twitter: https://twitter.com/laurenweinstein
Google Buzz: http://bit.ly/lauren-buzz