On Mon, Mar 02, 2009 at 01:35:38PM -0800, Phil Pennock wrote:
> On 2009-03-02 at 05:53 -0800, Joshua Juran wrote:
> > Apparently Apple wants me to disable SSL so anybody using the same
> > hotspot can read my messages and steal my credentials.
> >
> > The security is a lie.
>
> But, if you're on a hotspot, then you're subject to arp spoofing; one
> person with dsniff installed can redirect your traffic to go via their
> box, so when you're on wifi that's exactly when you *most* need to
> verify the identity of the remote site.
>
> On wifi, you're fooling yourself if you think that accepting arbitrary
> unverified host certs is better than nothing.
Or you can tunnel about everything through ssh, including a connection
back to a web proxy you trust.
--
Philippe Bruhat (BooK)
Food and life were both meant to be shared with others.
(Moral from Groo The Wanderer #119 (Epic))
