One day around 2010, we experimented at work with ARP poisoning and intercepting traffic for other hosts on the network at work. We immediately saw all traffic flowing through the network. Between all that data, we caught a glance of bits of messages of a few colleagues talking to their families over MSN Messenger. Shit, we didn’t mean to spy on anyone, we were trying to understand our network security better. The experience was unsettling. Hubs and open Wi-Fi networks were also still common back then, and listening to traffic on those didn’t even require ARP poisoning: it could be done entirely passively by just listening. I learnt about HTTPS around that time, and it was obvious to me that it made a huge difference. If we were exposing a service to either clients or loved ones, we needed to use TLS to ensure that the services were secure. Yet, HTTPS continuously faced resistance. “It’s complex and hard to debug when it fails”. “If we get it wrong, our services become unreachable”.…