Senator Charles Schumer gets his way, popular websites like Facebook, Twitter,
and Amazon will default to more secure protocol -- HTTPS instead of HTTP -- to
prevent identity theft in Wi-Fi hotspots like coffee shops and libraries.
(D-N.Y.) held a news conference in New York yesterday to spread his message.
many people do not know is ... hackers can use wireless hot spots as a gateway
to your most private information," Schumer told
reporters at the event, held at a Manhattan coffee shop.
quickest and easiest way to shut down this one-stop shop for identity theft is
for major Web sites to switch to secure HTTPS web addresses instead of the less
secure HTTP protocol," Schumer
the senator's staffers demonstrated how easy it is to hack someone else's
machine on an open Wi-Fi network by hacking into the Twitter account of a
colleague that was also connected to the coffee shop's wireless network.
called on top-level executives at Facebook, Twitter, Yahoo, and Amazon to
change their default protocols to HTTPS. He said he would be sending letters to
the heads of the companies urging them to make the change.
bottom line is, if we let this proliferate, everyone is going to pay the
price," Schumer said. "It could become the leading cause of identity
quote: Shared key WPA2 (WPA2 PSK) is not secure for cafe/guest WiFi environments. If everyone has the same key and you know that key, sniff a session's 4 way handshake, and you can decrypt that session's traffic. Forcing a 4 way handshake is left as an exercise to the reader.
quote: The other WPA2 mode isn't vulnerable to that but may not be that secure either: see <removed> (dailytech thinks my post is spam if I make it a link).
quote: Basically the WiFi bunch screwed up big time and kept screwing up over the years.