On Mon, Mar 02, 2009 at 01:35:38PM -0800, Phil Pennock wrote: > On 2009-03-02 at 05:53 -0800, Joshua Juran wrote: > > Apparently Apple wants me to disable SSL so anybody using the same > > hotspot can read my messages and steal my credentials. > > > > The security is a lie. > > But, if you're on a hotspot, then you're subject to arp spoofing; one > person with dsniff installed can redirect your traffic to go via their > box, so when you're on wifi that's exactly when you *most* need to > verify the identity of the remote site. > > On wifi, you're fooling yourself if you think that accepting arbitrary > unverified host certs is better than nothing.
Or you can tunnel about everything through ssh, including a connection back to a web proxy you trust. -- Philippe Bruhat (BooK) Food and life were both meant to be shared with others. (Moral from Groo The Wanderer #119 (Epic))