undefined | Better HN

0 pointsjgelsey5y ago0 comments

Access to the infrastructure is pretty easy - e.g. a WiFi Pineapple is $99. https://shop.hak5.org/products/wifi-pineapple

There is no absolute protection against compromise, but it would be polite for every web site to implement https and hsts to at least make it harder for visitors to be compromised. It costs them very little.

Maybe the analogy is soap in the bathroom at a coffee shop - most customers will not get cholera if the soap is missing, but is it moral for the shop owners to take the risk when the cost is so low and the downside is so high?

0 comments

dvfjsdhgfv5y ago

> Access to the infrastructure is pretty easy - e.g. a WiFi Pineapple is $99. https://shop.hak5.org/products/wifi-pineapple

Even though there are buggy WPA2 implementations, in general it's pretty difficult to get in unless a trivial passphrase is used in WPA2-Personal. With WPA2-Enterprise, it depends on the method used, but breaking properly implemented EAP-TLS is really difficult. Your best bet is to look for bugs in routers etc.

But this basically proves my point: if the attacker can get into your network, messing with the output from Paul Graham's HTTP server should be the least of your worries.

j / k navigate · click thread line to collapse

0 pointsjgelsey5y ago0 comments

Access to the infrastructure is pretty easy - e.g. a WiFi Pineapple is $99. https://shop.hak5.org/products/wifi-pineapple

0 comments

dvfjsdhgfv5y ago

> Access to the infrastructure is pretty easy - e.g. a WiFi Pineapple is $99. https://shop.hak5.org/products/wifi-pineapple

But this basically proves my point: if the attacker can get into your network, messing with the output from Paul Graham's HTTP server should be the least of your worries.

j / k navigate · click thread line to collapse