“If you have ever wanted to use the wifi at a coffee shop or library, you have probably had to click…”

If you have ever wanted to use the wifi at a coffee shop or library, you have probably had to click through a screen to do it. This screen might have shown you the network’s Terms of Service and prompted you to click an “I agree” button.

These kinds of screens are called captive portals, and they interfere with wireless security without providing many user benefits.

Captive portals are to blame for a number of security issues, especially when it comes to HTTPS websites. HTTPS is meant to prevent traffic interception, alteration, and impersonation by a third party. But captive portals work by doing exactly that: they intercept and alter the connection between the user and the site they are trying to visit. On an unencrypted HTTP connection, the user would not even notice this. But for sites secured with HTTPS, the web browser detects something or someone hijacking the connection (similar to a man-in-the-middle attack). This causes “untrusted connection” warnings about fake certificates for websites that users otherwise expect to be safe.

Those copious unexplained “untrusted connection” warnings on a network with captive portals—essentially false-positive warnings about websites that are actually safe—can train users to adopt the dangerous habit of ignoring security warnings.

How Captive Portals Interfere With Wireless Security and Privacy | Electronic Frontier Foundation (via libraryprivacy)
http://ift.tt/2uSRer8
