Thread: Idea: N900 security update (openssl, browser etc)
View Single Post
Xagoln is offline Xagoln
2016-09-15 , 21:21
Posts: 262 | Thanked: 315 times | Joined on Jun 2010
#28
Originally Posted by pichlo View Post
It is easy to be targeted. Especially on a mobile device using WiFi. All you need is another device on the same network and eavesdrop on your traffic. This might be trickier on networks you are in charge of (such as at home), but easy on public networks or even at your workplace.
That's a very good point that my answer overlooked. It's easy enough for a malicious sysop of a public wifi to install something like sslstrip, and/or to portscan your phone to look for vulnerable versions of any daemons that may be listening. Or to silently inject malicious content into your browsing session.

Tunneling your browsing via your own home server (e.g. over SSH or openvpn) would prevent many of these attack vectors, but of course it'll be slower.
 

The Following 6 Users Say Thank You to Xagoln For This Useful Post: