On Tue, 17 Jul 2012 13:45:51 +0800, Timothy Sipples wrote: > >4. It's a big problem when practically everybody in the security community >criticizes Yahoo! for their intransigence in fixing the problem. It's an >even bigger problem when my own mother suffered from Yahoo's decade plus >long failure to turn on HTTPS. > Of course, "turn on" implies commiting the CPU (micro)cycles to peform the encryption.
>(*) It would certainly help if the wi-fi industry adopted a "Public >WPA2" (a.k.a. "coffee shop") addition to their standards, requiring >adoption and compliance among manufacturers. Such an amendment would be >similar to HTTPS, allowing simple "walk up" encryption of wi-fi >connections. Hopefully it would also have reputation-based client >evaluation of wi-fi hotspots to reduce spoofing risk. Oddly, wi-fi doesn't >yet have a great, easy-to-use security solution for the coffee shop/hotel >scenarios where wi-fi is so popular. Maybe Apple will figure this out. > And WEP/WPA provides encryption as far as the coffee shop's router. Upstream from that the communication is still susceptible to interception. And an unscrupulous coffee shop itself could log and mine its traffic. There are enterprises providing VPN services commercially to their hubs, often geographically dispersed. But the VPN provider itself has access to all the customer's traffic. -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
