Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I was at a conference recently and saw somebody start Firesheep -- HN profiles showed up. So the choices were: use HN on open wifi but risk having your session stolen, don't use HN, or connect to a VPN. The VPN is probably the smartest thing to do on an open wifi network, but it's nice to know that HN is now safe to use without it.


If you're going to a conference and you're using wifi there, please use a VPN. If you're going to a coffee shop and using wifi, if at all possible use a VPN.

By not using a VPN you're leaving yourself open to all manner of attacks (take for example the recent iOS SSL Cert validation issues as an example, but also consider the fact that an attacker could inject malicious content to attack your system over any HTTP traffic - or invalid HTTPS traffic if you make the connection).

At the very least you should use an SSH tunnel or some form of transport to protect all of your outbound traffic when in a hostile environment.


I saw Firesheep in active use at the TechCrunch Disrupt NYC hackathon earlier this year. Yikes. No solution is perfect, but VPNs seem like the way to go for now.

[Shameless Plug] I quit my day job earlier this year and started building https://www.getcloak.com/ with two friends. We're caffeine addicts who dog-food our product; that's why we work out of coffee shops here in Seattle. (You can find our office by following @seafreemob on Twitter. ;-)


Thanks for the plug, finally a VPN solution that seems good (i.e. automatic, good pricing model etc.). That said, please sent an invite (my email stats jtl...)


Sent! Cheers.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: