Today I was travelling in the Netherlands by train. One of the great things is that major stations have their own wi-fi access. When we stopped at a station, as usual I wanted to check my emails while waiting for the train to move on. Once I established a connection with the access point and opened my web browser to log on I immediately noticed something suspicious. Instead of getting an HTTPS site I was being directed to an HTTP site.
In my mind there were two options. Either the log on procedure had changed, or I was dealing with a rogue access point. It turned out to be the first.
What´s the problem with that? Well, anything you send over an unencrypted wi-fi connection is sniffable. This is why the log on page in particular should use HTTPS.
You can bypass traffic sniffing by using an encrypted tunnel to the service of your choice. For instance, emailing via SSL/TLS or using a VPN connection to do all your work. However you can not set up such a tunnel without having actually logged on to have full internet access. The log on credentials are transmitted in plain text.Read Full Story