Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> Public Wi-Fi in the world of HTTPS

Story time. Someone I know once got laid thanks to Facebook not encrypting their sessions

My university was still using basic ass unencrypted WiFi with some kind of terrible dns-hijack sign in to “auth”. This of course meant that everyone put their shiny MacBooks on essentially public wifi and logged in to social media in the clear in class.

Some enterprising chaps made a browser extension that made it trivial to snoop any open sessions and impersonate that session in a new tab.

Someone I know would do this during lecture and post to people’s social media as them saying they should pay attention in lecture. Possibly some other scandalous things were said. The hilarity that led from that stranger doing so led to the beautiful nerdy girl sitting behind this person noticing and daring them to post more. That became hanging out, parties, and as far as I know they got married and have kids now.

Literal people exist that wouldn’t otherwise because Facebook didn’t have HTTPS



>Some enterprising chaps made a browser extension that made it trivial to snoop any open sessions and impersonate that session in a new tab.

Firesheep was super big for a while, yeah. I used it to show a few coffee shops that yes, really, WiFi with a password of "password" was measurably better for their customers than no password: https://en.wikipedia.org/wiki/Firesheep


Fuck, HTTPS was already popular by the time I went to college. That explains everything.


I credit the fact that basically nothing was encrypted over the wire when i got into computers in the 90s for learning how protocols work.


To be fair this needed HTTP and WPA(?) lol. Old school wifi let you see everything every other client sent.


Is your friend Samy Kamkar?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: