[Noisebridge-discuss] Fw: continuing adventures in the brave new world.

Will Sargent will.sargent at gmail.com
Tue Apr 3 18:54:07 PDT 2012


Okay, there is ONE attack vector that I can see.  He's not using HTTPS, so
a MITM attack at the router level on an open network (like Noisebridge's)
could intercept and replace the JavaScript with something nasty.

So, use a VPN if you're at Noisebridge, using a straight HTTP site, and
want privacy.  Otherwise assume everyone can read everything.

http://webapp-hardening.heroku.com/no_ssl
http://howsecureismypassword.net/privacy/

Will.

On Tue, Apr 3, 2012 at 6:44 PM, Will Sargent <will.sargent at gmail.com> wrote:

> You can see for yourself if you check the JavaScript that it's not calling
> out to any server or storing it.
>
> Will.
>
>
> On Tue, Apr 3, 2012 at 6:38 PM, Andy Isaacson <adi at hexapodia.org> wrote:
>
>> On Tue, Apr 03, 2012 at 06:24:31PM -0700, William Sargent wrote:
>> > http://howsecureismypassword.net/
>>
>> ... type your password into a random website?
>>
>> "However secure it *was*, it's definitely not secure any more!"
>>
>> -andy
>>
>
>
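
An added example, not part of the original thread: a static audit of a page's HTML covering both checks raised above, whether its scripts arrive over a channel an on-path attacker could rewrite, and whether the inline JavaScript references a network-capable API. The URLs, sample markup and finding names are constructed for illustration, and the sink list is a heuristic assumption.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Browser APIs that can send data off the page. Assumption: heuristic and not
# exhaustive; a pattern scan will not see through obfuscated code.
SINKS = re.compile(r"\b(XMLHttpRequest|fetch|WebSocket|EventSource|sendBeacon|new\s+Image)\b")

class ScriptAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.page = page_url, urlparse(page_url)
        self.inline, self.findings = False, []
        if self.page.scheme != "https":
            # Everything on a plain-HTTP page can be replaced in transit.
            self.findings.append(("page-not-https", page_url))

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        self.inline = tag == "script" and "src" not in attrs
        if tag != "script" or self.inline:
            return
        src = urlparse(urljoin(self.page_url, attrs["src"] or ""))
        if src.scheme != "https":
            self.findings.append(("script-over-http", src.geturl()))
        elif src.netloc != self.page.netloc and not attrs.get("integrity"):
            self.findings.append(("cross-origin-script-without-sri", src.geturl()))

    def handle_endtag(self, tag):
        if tag == "script":
            self.inline = False

    def handle_data(self, data):
        if self.inline:  # only inspect text that sits inside an inline <script>
            self.findings += [("network-sink", m.group(1)) for m in SINKS.finditer(data)]

def audit(page_url, html):
    parser = ScriptAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample: a password-meter page as it might arrive over plain HTTP.
SAMPLE = """<input id="pw" type="password">
<script src="/js/meter.js"></script>
<script src="https://cdn.example/lib.js"></script>
<script>var r = new XMLHttpRequest(); r.open("POST", "/log");</script>"""

if __name__ == "__main__":
    print(*audit("http://site.example/", SAMPLE), sep="\n")
```

A clean result only describes the copy that was audited; over plain HTTP the next load can differ, which is the point made in the message above.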