In the process of researching a paper on the legality of wiresniffing (clif notes version: it's not legal, stop trying to pretend it's not), I found out a really horrifying fact:
Gogo, the inflight wireless company that I researched last semester (here's my paper that I wrote about inflight wifi), transmits their logon passwords as clear text.
No, seriously.
To even use their service, you have to log onto their page, accept their terms, pay for your service, and then mosey around the net. My guess is that they use a nice secure page for their credit card intake form (can't check on that now since I'm not on a plane), but as far as logging into an existing account, it's giving your username and password out to everyone that's listening in. People can do this using free software like Wireshark, and it's not hard to do. I wish I knew if it was a switched network or not...anyone know? I can't find any info on their site, and I'll probably fire off an inquiry to their customer service without a response.
Well, I guess that discount coupon I had for service this month will go unused, because there's no way on earth I'm logging on now.
Monday, March 1, 2010
Subscribe to:
Posts (Atom)