On 07/11/2015 05:28 PM, Christian Huitema wrote:
OK, you are probably correct that this is just one of the many attacks possible
when connecting to insecure networks. Then, of course, there is the whole idea
of letting an untrusted DHCP server direct one's browser to an arbitrary web
page. Looks like an ideal setup for zero days and phishing tools. Ideally, we
should only process the redirected page into a fairly tight sandbox...
This is just one example of the "everything is broken" problem. In
point of fact, if you can inject packets on the local wire and sniff
packets off of the local wire, you can easily send malware to the host
simply by providing it with mostly correct information, and then once
the hotspot detector has been bypassed, hack the next http query that
goes by, stuffing your malware, or instructions to fetch your malware,
into the HTML.