Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I've configured my Nexus 5 to auto-connect to any open "linksys" SSID. How would this be any different?

Don't rely on SSID for security. Rely on SSL/TLS and certificate pinning.



It's not different. It's not even necessarily bad. It's just worth considering while evaluating this proposal.


And what if you need to login to a site that isn't SSL-secured? There's nothing the end user (you) can do about that.


You should never be using a site without SSL if you're passing authentication information.

Now, while I understand this is out of an end user's control, that shouldn't cause us to throw the idea of a shared wireless network out the door. That should cause us to look at non-secure sites accepting credentials, and how to prevent that behavior in the first place.


You use a VPN to tunnel to a trusted server and have it initiate the cleartext connection to the site, keeping the traffic between you and that server encrypted.


Not easy as in everyone has access to a __trusted__ VPN tunnel server.


https://www.eff.org/https-everywhere

this site helps with this issue forcing sslany.


Installing a browser add-on doesn't make websites lacking an SSL certificate magically acquire one. The fact is that there are still a lot of sites out there that don't have them.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: