[Noisebridge-discuss] Fw: continuing adventures in the brave new world.

Will Sargent will.sargent at gmail.com
Tue Apr 3 18:54:07 PDT 2012

Okay, there is ONE attack vector that I can see.  He's not using HTTPS, so
a MITM attack at the router level on an open network (like Noisebridge's)
could intercept and replace the Javascript with something nasty.

So, use a VPN if you're at Noisebridge, using a straight HTTP site, and
want privacy.  Otherwise assume everyone can read everything.



On Tue, Apr 3, 2012 at 6:44 PM, Will Sargent <will.sargent at gmail.com> wrote:

> You can see for yourself if you check the javascript that it's not calling
> out to any server or storing it.
> Will.
> On Tue, Apr 3, 2012 at 6:38 PM, Andy Isaacson <adi at hexapodia.org> wrote:
>> On Tue, Apr 03, 2012 at 06:24:31PM -0700, William Sargent wrote:
>> > http://howsecureismypassword.net/
>> ... type your password into a random website?
>> "However secure it *was*, it's definitely not secure any more!"
>> -andy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.noisebridge.net/pipermail/noisebridge-discuss/attachments/20120403/353a1c55/attachment.htm 

More information about the Noisebridge-discuss mailing list