Has anyone empirically analyzed the actual threat from using public WiFi? That is: (1) how much useful (unencrypted) data is still available to a rogue AP, (2) how well these attacks could be executed by remote attackers?
-
-
This is the real problem. From a browser MitM point of view, HSTS is the real killer, and any attack will have to also redirect to a different realistic DNS name. Captured portal "login please", might not have HSTS...
-
Are there any simple tools to review this without MitM oneself or using Wireshark on one's LAN? Or public, organized efforts to keep track of who's doing things well to nightmarishly bad (beyond HTTPS or not, since it's not black & white, more a range)?

- 2 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.