Can you clarify the first point more? I would assume that if the user is able to... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		huntaub on Oct 19, 2014 \| parent \| context \| favorite \| on: What we give away when we log on to a public Wi-Fi... Can you clarify the first point more? I would assume that if the user is able to connect to "facebook.com", then the connection would immediately go to HTTPS and the router could not "forcefully redirect" or do anything to the connection. Alternatively, I could imagine a situation where the router hijacks the _DNS_ request for Facebook to a malicious site. Is that what you were referring to?

smtddr on Oct 19, 2014 [–]

Don't know if this works still today... but I've definitely used it before: http://www.thoughtcrime.org/software/sslstrip/

domenicd on Oct 19, 2014 | [–]

I think that attack is exactly what HSTS (https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) is meant to solve.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact