now the internet is going to come crashing down around us.
Well, no. Indeed, this one is less of a "crashing down around us" danger than many of the usual threats. It's more a matter that there are now more ways that someone can spy on you. (Although note Lowell's message below, on the difficulties of using this particular attack -- those are at least mildly comforting, in that this isn't something the average script kiddie can easily mount.)
If everyone just starts using https for everything, couldn't that fix it?
HTTPS will deal with at least much of the danger. Not quite all -- you can still garner some implicit information even from an encrypted packet -- but it greatly limits the effect. But HTTPS is costly enough that usage is still spotty at this point, and many sites don't yet support it. (Indeed, CommYou doesn't do so yet, although it will eventually.)
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
(no subject)
Date: 2008-08-28 09:43 pm (UTC)Well, no. Indeed, this one is less of a "crashing down around us" danger than many of the usual threats. It's more a matter that there are now more ways that someone can spy on you. (Although note Lowell's message below, on the difficulties of using this particular attack -- those are at least mildly comforting, in that this isn't something the average script kiddie can easily mount.)
If everyone just starts using https for everything, couldn't that fix it?
HTTPS will deal with at least much of the danger. Not quite all -- you can still garner some implicit information even from an encrypted packet -- but it greatly limits the effect. But HTTPS is costly enough that usage is still spotty at this point, and many sites don't yet support it. (Indeed, CommYou doesn't do so yet, although it will eventually.)