[OpenWireless Tech] Securing Open Wireless
Michael Blizek
michi1 at michaelblizek.twilightparadox.com
Thu Jul 28 12:49:37 PDT 2011
Hi!
On 14:39 Thu 28 Jul , Christopher Byrd wrote:
> On Thu, Jul 28, 2011 at 2:05 PM, Peter Eckersley <pde at eff.org> wrote:
> > Reading your article I gather you mean all the Firesheep-style attacks the
> > user is subject to if their OS sends HTTP requests while the VPN is being
> > established.
>
> That's part of it. Systems leak a lot of information before the VPN is
> established, and most of it is protocols other than HTTP.
Then the VPN is broken and can be fixed. VPNs should not allow any traffic
bypassing. On my systems, when the VPN is down, data simply gets dropped.
> You can also
> use denial of service (DoS) attacks against the VPN connection (hoping
> the user decides to use the open wireless without it),
Yes, but the user will be cautious.
-Michi
More information about the Tech
mailing list