[Noisebridge-discuss] FYI, Noisebridge Wifi is not secure

Matt Thrailkill matt at thrailkill.org
Tue May 29 07:08:08 UTC 2012


All it means is that the Noisebridge website will have HSTS applied
for Chrome users:
http://dev.chromium.org/sts

The underlying network is still unsafe.

On Mon, May 28, 2012 at 11:04 PM, Scotty Allen <scotty at appmonsta.com> wrote:
> Sure enough:
>
> http://code.google.com/searchframe#OAMlx_jo-ck/src/net/base/transport_security_state_static.json&exact_package=chromium&q=noisebridge.net&type=cs&l=187
>
> However, this section of the file does say "// Force HTTPS for sites
> that have requested it." so I'm not sure I consider this proof of
> anything...
>
> -Scotty
>
> On Mon, May 28, 2012 at 4:25 PM, Will Sargent <will.sargent at gmail.com> wrote:
>>
>> To some people (mostly security and / or network professionals), this
>> is blindingly obvious -- to those who aren't, this may be news.
>>
>> It's pretty clear that there are sniffers active in the space.  We've
>> had people try to hack machines or web sessions before, and I'm not
>> saying there are SSL hacks, but consider that https://noisebridge.net
>> is hardcoded into Google Chrome's source code.
>>
>> You may wish to consider a VPN, and/or disable mobile devices.
>>
>> http://tersesystems.com/2012/05/28/how-to-surf-from-a-public-wifi
>>
>> Will.
>> _______________________________________________
>> Noisebridge-discuss mailing list
>> Noisebridge-discuss at lists.noisebridge.net
>> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
> _______________________________________________
> Noisebridge-discuss mailing list
> Noisebridge-discuss at lists.noisebridge.net
> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss



More information about the Noisebridge-discuss mailing list