[Noisebridge-discuss] Fw: continuing adventures in the brave new world.
Will Sargent
will.sargent at gmail.com
Wed Apr 4 01:54:07 UTC 2012
Okay, there is ONE attack vector that I can see. He's not using HTTPS, so
a MITM attack at the router level on an open network (like Noisebridge's)
could intercept and replace the Javascript with something nasty.
So, use a VPN if you're at Noisebridge, using a straight HTTP site, and
want privacy. Otherwise assume everyone can read everything.
http://webapp-hardening.heroku.com/no_ssl
http://howsecureismypassword.net/privacy/
Will.
On Tue, Apr 3, 2012 at 6:44 PM, Will Sargent <will.sargent at gmail.com> wrote:
> You can see for yourself if you check the javascript that it's not calling
> out to any server or storing it.
>
> Will.
>
>
> On Tue, Apr 3, 2012 at 6:38 PM, Andy Isaacson <adi at hexapodia.org> wrote:
>
>> On Tue, Apr 03, 2012 at 06:24:31PM -0700, William Sargent wrote:
>> > http://howsecureismypassword.net/
>>
>> ... type your password into a random website?
>>
>> "However secure it *was*, it's definitely not secure any more!"
>>
>> -andy
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.noisebridge.net/pipermail/noisebridge-discuss/attachments/20120403/353a1c55/attachment.html>
More information about the Noisebridge-discuss
mailing list