On Tue, Jan 4, 2011 at 6:23 AM, Eduardo M KALINOWSKI <edua...@kalinowski.com.br> wrote: > On Ter, 04 Jan 2011, Brian wrote: >>> >>> Because anyone nearby with a laptop can sniff the traffic, unlike with a >>> regular cabled internet connection or a password protected wireless >>> network (in which traffic in encrypted)? >> >> For internet banking/shopping over https (which would be the norm) it >> wouldn't give them anything of value, would it? > > Only the URLs of what you visit. But many sites still don't use https even > for login. (Shame on them...) Or use https for login and later go back to > http, using cookies in a way that it is easy for others to hijack the > session, as the article mentions.
I recall reading, maybe on Debian planet, a post about a guy who was running wireshark while on an open cafe network, and found that even though he was using https Bank of America was transmitting the password in clear text. Or something. I can't find it again, does that ring any bells for anyone? The point, if I remember, was that one your personal protected network you are protecting yourself and being protected. So both have to fail for you to be compromised. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/aanlktimgpnkkjrhfsy4ezzfv08vxoss8xuhghqlxc...@mail.gmail.com
