Understanding the risk of non-SSL login forms



I’d say the most likely ways to get sniffed are:

  • Somebody on your Wi-Fi network, or pretending to be your Wi-Fi network, spoofs themselves to become your gateway and views all your traffic. Since this is an active MITM, they can also modify all of the traffic as it flies. I had fun doing this to my boss.
  • Your ISP spying on you on behalf of your government for mass surveillance. We know it’s happening. ISPs even started inserting advertising onto insecure pages as an active MITM (sigh).

But every device (usually between 5-20, but can be more) between you and your peer can simply mirror all of your netflows to another device for analysis or storage.

And consider that any of these companies operating these routers can get compromised, so who knows what random hackers are lurking, watching traffic. I remember 15 years ago downloading giant lists of ISPs’ routers and their credentials …


Or some routers on the path between you and the website had been hacked.

It already happened, to inject ads for example: https://www.tripwire.com/state-of-security/security-data-protection/advert-router-hijack/. Who knows if they recorded login information too?