Submitted by flightwaves t3_10ofpd1 in nyc
ICantThinkOfANameBud t1_j6fedoo wrote
Reply to comment by iknowyouright in MTA cuts free Wi-Fi from NYC buses by flightwaves
There's really not much that someone could do, passwords are all encrypted and a random person wouldn't have access to change the DNS servers or anything.
wutcnbrowndo4u t1_j6fk0oe wrote
> passwords are all encrypted
The attack surface of the Web is massively more complicated than this.
ICantThinkOfANameBud t1_j6fkbvm wrote
Please enlighten me to what someone will do. Sniff the packets? Oh no, they found out what websites I visit. What's that, they don't know what person on the bus I am?
wutcnbrowndo4u t1_j6frp4s wrote
Your sarcasm is clearly masking extreme ignorance as to how the Web, the Internet, and computer security in general work, but I'll bite for one comment. Beyond that, feel free to do your own research (there's a website called google.com on which you can type "why is unsecured public wifi risky").
> Sniff the packets? Oh no, they found out what websites I visit
Leaving aside the obvious attack vectors of spoofing the access point or compromising the router, packet sniffing itself presents vulnerabilities. One of the primary reasons that defense in depth is a fundamental principle of network security is that a single browsing session interacts with a gargantuan number of different actors[1], and the odds of multiple gaps lining up is nonzero.
While you're checking out this Google website, look up what a "cookie" is in the context of the Internet. You may have noticed that you don't type in your password during every web request you make to a website logged in to, because you send cookie data instead that consistently identifies your different requests as belonging to the same session. Cookies are not encrypted with nearly the universality that passwords are, and an attacker with access to your cookie can impersonate you(r session) to the server that you're communicating with.
> What's that, they don't know what person on the bus I am?
I'll admit this last part of your comment made me question whether you even know what the Internet is. Are you under the impression that it's impossible for a browsing session to contain a collection of data that is useful without knowing what a person looks like or which seat on a bus they're sitting in? Are you under the impression that all successful hacks involve sending surveillance drones to visually identify the target?
[1] Not just the network infra and websites you're using, but every injected script and and ad on each of them
ICantThinkOfANameBud t1_j6fybkq wrote
Your assholeness is speaking volumes to how much of a douchebag you are. You're living your life in fear of shit that happens in movies and in your mind. It's no wonder you do this though, because of how much of an insufferable paranoid nerd you are. No one is doing all this shit on a bus. Oh, don't forget your faraday cage next time you're on the train, just in case!
Viewing a single comment thread. View all comments