Re: firewall package for laptop wi-fi client

[Arthur Machlas <arthur.machlas@gmail.com>]

On Tue, Jan 4, 2011 at 6:23 AM, Eduardo M KALINOWSKI
<eduardo@kalinowski.com.br> wrote:
> On Ter, 04 Jan 2011, Brian wrote:
>>>
>>> Because anyone nearby with a laptop can sniff the traffic, unlike with a
>>> regular cabled internet connection or a password protected wireless
>>> network (in which traffic in encrypted)?
>>
>> For internet banking/shopping over https (which would be the norm) it
>> wouldn't give them anything of value, would it?
>
> Only the URLs of what you visit. But many sites still don't use https even
> for login. (Shame on them...) Or use https for login and later go back to
> http, using cookies in a way that it is easy for others to hijack the
> session, as the article mentions.

I recall reading, maybe on Debian planet, a post about a guy who was
running wireshark while on an open cafe network, and found that even
though he was using https Bank of America was transmitting the
password in clear text. Or something. I can't find it again, does that
ring any bells for anyone?

The point, if I remember, was that one your personal protected network
you are protecting yourself and being protected. So both have to fail
for you to be compromised.