[OpenWireless Tech] Securing Open Wireless

Peter Eckersley pde at eff.org
Thu Jul 28 12:05:47 PDT 2011


On Thu, Jul 28, 2011 at 12:42:09PM -0500, Christopher Byrd wrote:

> > Second, they do not protect you if the operator itself is evil. Third, you
> 
> Nothing will protect you against an evil operator if you choose to
> connect to them. Even VPN is not a complete solution as I discuss in
> my article. 

Reading your article I gather you mean all the Firesheep-style attacks the
user is subject to if their OS sends HTTP requests while the VPN is being
established.

Nothing one does in WiFi protocols can make insecure HTTP (or HTTPS) websites
secure.  The effort required to implement the attack correctly may go up
slightly, but even if the first hop is perfect, attacks can still at minimum
occur via DNS or via other routers anywhere along the path.

For the purpose of an Open Wireless Movement, I think we should be clear that
our aim is to defuse the "open wireless is insecure" argument by making open
wifi as good as WPA2-PSK, or better.  Beyond that, the problem needs to be
addressed at other network layers.

Which EFF is also working on, of course: https://eff.org/https-everywhere 

-- 
Peter Eckersley                            pde at eff.org
Senior Staff Technologist         Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993


