Owning the paranoid: Browser background traffic
Defences include:
- Force HTTPS on the sensitive site (at least for cookies, ideally for whole site).
- Disable all non-HTTPS traffic, by setting the relevant proxy settings to an invalid value.
OK, but people will still use free WiFi. Because it is free, after all.

Hecuba's daughter wrote:
> To be fair to the basic user, this is just one more reason for not using a network whose security you aren't confident in. Surely?
Well, when we're talking about an insecure network, you shouldn't trust NS to completely protect you, because an active attacker on the network can impersonate any plaintext site on your whitelist. Browser sends OCSP request, attacker responds with redirect to http://www.bank.com, browser requests bank.com via plaintext, attacker impersonates bank.com.

Not that I don't completely trust NS to prevent XSS and CSRF etc,
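The redirect chain described in the post above, run against the two defences listed earlier in the thread, as an added Python model. This is not code posted by anyone in the thread and not part of NS; the hostnames (ocsp.example-ca.test, www.bank.com), the page bodies, the assumption that OCSP is fetched over plaintext HTTP, and the assumption that the client follows a redirect on that response (as the post states) are all constructed for the example.

```python
"""Toy model of the plaintext-OCSP downgrade described in the thread.

Constructed for this page; not code from NS or from any poster.
Hostnames (ocsp.example-ca.test, www.bank.com), page bodies and the
browser/network behaviour are assumptions used to make the exchange concrete.
"""
from dataclasses import dataclass, field
from urllib.parse import urlsplit, urlunsplit

REAL_BANK_PAGE = "real bank login page"
FAKE_BANK_PAGE = "attacker's copy of the bank login page"
OCSP_URL = "http://ocsp.example-ca.test/"   # assumed: OCSP lookup goes over plaintext HTTP


@dataclass
class Response:
    status: int
    body: str = ""
    headers: dict = field(default_factory=dict)


def real_servers(parts):
    """The legitimate OCSP responder and the real bank (constructed)."""
    if parts.netloc == "ocsp.example-ca.test":
        return Response(200, "OCSP: good")
    if parts.netloc == "www.bank.com":
        return Response(200, REAL_BANK_PAGE)
    return Response(404, "no such host")


def attacker(parts):
    """Active attacker answering every plaintext request it intercepts."""
    if parts.netloc == "www.bank.com":
        return Response(200, FAKE_BANK_PAGE)   # impersonates bank.com over plaintext
    # Any other plaintext request (here the background OCSP lookup) is turned
    # into a redirect to the bank over http://, as the post describes.
    return Response(302, headers={"Location": "http://www.bank.com/login"})


class HostileNetwork:
    """Free-WiFi model: plaintext HTTP is hijacked; TLS passes through because
    the attacker holds no certificate valid for the bank."""

    def __init__(self, active_attacker=True):
        self.active_attacker = active_attacker
        self.requests = []   # every URL that actually left the browser

    def send(self, url):
        self.requests.append(url)
        parts = urlsplit(url)
        if parts.scheme == "https" or not self.active_attacker:
            return real_servers(parts)
        return attacker(parts)


class Browser:
    """Minimal redirect-following client with the two defences as knobs."""

    def __init__(self, net, force_https_hosts=(), allow_plaintext=True, max_redirects=5):
        self.net = net
        self.force_https_hosts = set(force_https_hosts)  # defence 1: force HTTPS on the site
        self.allow_plaintext = allow_plaintext          # defence 2: plaintext proxy pointed nowhere
        self.max_redirects = max_redirects

    def fetch(self, url):
        for _ in range(self.max_redirects):
            parts = urlsplit(url)
            if parts.scheme == "http":
                if parts.hostname in self.force_https_hosts:
                    url = urlunsplit(("https",) + tuple(parts[1:]))  # upgrade before sending
                    continue
                if not self.allow_plaintext:
                    raise ConnectionError("plaintext HTTP blocked: " + url)
            resp = self.net.send(url)
            if resp.status in (301, 302, 303, 307, 308):
                url = resp.headers["Location"]
                continue
            return resp
        raise RuntimeError("too many redirects")


def background_ocsp_check(browser):
    """What the user ends up looking at after the browser's background OCSP fetch."""
    try:
        return browser.fetch(OCSP_URL).body
    except ConnectionError as exc:
        return "blocked (" + str(exc) + ")"


def run_scenarios():
    return {
        "benign network": background_ocsp_check(Browser(HostileNetwork(active_attacker=False))),
        "unprotected": background_ocsp_check(Browser(HostileNetwork())),
        "force https on bank": background_ocsp_check(
            Browser(HostileNetwork(), force_https_hosts={"www.bank.com"})),
        "no plaintext at all": background_ocsp_check(
            Browser(HostileNetwork(), allow_plaintext=False)),
    }


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:22s} -> {outcome}")
```

In the unprotected run the browser sends two plaintext requests, the OCSP lookup and then http://www.bank.com/login, and ends on the attacker's page; the site whitelist never enters into it because nothing on the path needed script. Forcing HTTPS for the bank turns the redirect target into an https:// URL before it is sent, so the attacker's lack of a valid certificate stops the impersonation, but only for hosts on that list. Blocking plaintext entirely stops the chain at the first hop, at the cost of the OCSP lookup itself failing, so the outcome then depends on whether the real browser treats a failed revocation check as fatal or soft-fails.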
Thrawn wrote:
> Well, when we're talking about an insecure network

That's sort of what I was trying to do.