Vocab
A version of HyperText Transfer Protocol with an extra layer of encryption.
What is HTTPS
You’re using public Wi‑Fi at the airport. Someone on the same network quietly captures the small chunks of data your device is sending and receiving, letting them read information you thought was private.
What is packet sniffing
At DEF CON, a researcher set up an open Wi-Fi network and captured thousands of users’ unencrypted traffic, including logins and emails, just by sitting nearby.
What is Packet Sniffing (Firesheep-style attack)
Data sent in plain text, making it available for everyone to hack into.
What is unencrypted
The act of capturing data and analyzing the data being sent
You think you’re talking directly to your bank’s website, but an attacker secretly sits between you and the site, watching, and even altering, the information being exchanged.
What is a man‑in‑the‑middle attack?
In 2010, a Firefox extension allowed attackers on public Wi-Fi to instantly take over Facebook and Twitter accounts by stealing session cookies without passwords.
What is Session Hijacking (Firesheep)
When hackers create networks that look real but are really traps to steal your info
Transforming readable data (plaintext) into scrambled data (ciphertext) using a key.
What is Encryption
You log into your account, but a hacker steals your session ID and uses it to access your account as if they were you, without ever needing your password.
What is session hijacking?
In multiple airports and cafés, attackers created fake Wi-Fi networks with names like “Free Airport Wi-Fi,” tricking users into connecting and exposing their data.
What is an Evil Twin Attack
When connecting to unsafe Wi-Fi that allows harmful software onto your device without you even knowing.
What is Malware Attacks
Encrypts your data by scrambling it into a secret code that unauthorized people can’t see. It masks your IP address and location and shows that your internet activity is coming from the provider.
What is a VPN
You visit two websites: one shows a lock icon in the address bar, the other doesn’t. On the second site, your login info is sent in plain text, making it easy for attackers to read.
What is HTTPS?
Researchers demonstrated attacks where they used ARP spoofing on public Wi-Fi to silently intercept and modify traffic between users and legitimate websites.
What is a Man-in-the-Middle Attack
When a website doesn’t use HTTPS, so information isn’t protected and can be seen by others.
What is Unencrypted connections?
When a hacker uses someone else’s valid computer session to get information
What is Session Hijacking
You connect to hotel Wi‑Fi, but your browsing stays private because your device creates an encrypted tunnel that hides your IP address and location from anyone watching the network.
What is a VPN?
In a 2015 experiment, attackers on public Wi-Fi injected malicious code into unencrypted HTTP pages, causing users to unknowingly download malware just by browsing.
What is Code Injection
When hackers can ‘listen in’ on your internet activity and see what you’re doing
What is data interception