Allegedly, on or about 4 November 2017, Patrick O'Callaghan sent: > *All* public WiFi is insecure by definition since in general you > don't know anything about who's running it. Whether or not that > matters depends on your requirements. At a minimum, use application- > layer security (HTTPS, SSH, TLS etc.) Yes, people forget that the encryption aspect of WiFi only covers the wireless aspect. Once the access point has the traffic, it goes out through a LAN then WAN, and *that* is unencrypted, and often directly accessible to other users, and just as prone to compromise as any other badly run computer system. If you access a HTTPS server, the server is responsible for setting up an encrypted connection between you and them, that *allegedly* can go through an unsafe network in the middle. But a lot of services are not encrypted, or only partially. Your usernames, passwords, dates-of-birth, addresses, etc., all being transmitted in a captureable way. Some of which seem, on the face of it, nothing to worry about, but do make up a collection of data which is useful to miscreants. -- [tim@localhost ~]$ uname -rsvp Linux 4.13.9-200.fc26.x86_64 #1 SMP Mon Oct 23 13:52:45 UTC 2017 x86_64 Boilerplate: All mail to my mailbox is automatically deleted. There is no point trying to privately email me, I only get to see the messages posted to the mailing list. Damn, I didn't mean to press *that* button! _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
