SitePoint Sponsor

User Tag List

Results 1 to 2 of 2
  1. #1
    SitePoint Wizard cranial-bore's Avatar
    Join Date
    Jan 2002
    0 Post(s)
    0 Thread(s)

    Intercepting non-SSL traffic

    I have a question about the security concept that traffic sent over a non-encrypted connection can be intercepted and read by anyone. The word anyone is often used, but I'm a bit sceptical.

    Can anyone really intercept plain text HTTP traffic from one unrelated source to another? Or do they need to be on the wireless network, or have some administrative control over a wired network, or have some access to an ISP server or router somewhere along the chain?

  2. #2
    Robert Wellock silver trophybronze trophy xhtmlcoder's Avatar
    Join Date
    Apr 2002
    A Maze of Twisty Little Passages
    60 Post(s)
    0 Thread(s)
    It depends upon what tools you use to intercept the transmission, i.e. packet sniffers or hardware tappings, etc. The main obstacle against eavesdroppers with (hard-wired network) you'd usually have to have physical access to the nodes or medium - unless of course the machine had been compromised via malware, etc.

    However, concerning Wi-Fi even if you use HTTPS with an "unencrypted" Wi-Fi connection it can be easily intercepted due to Wi-Fi having a lax ad-hoc approach. So even if the Wi-Fi was "password protected" it wouldn't really protect you one iota from eavesdroppers. It must be securely encrypted for HTTPS to actually "work correctly" via wireless.

    That's what most home users forget with Wi-Fi they password protect so their neighbours can't "auto connect" but forget to enable encryption so are leaving themselves extremely vulnerable to a determined localised attack.

Tags for this Thread


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts