Things overheard on the WiFi from my Android smartphone
Feb 28, 2011, 22:33 (0 Talkback[s])
(Other stories by Dan Wallach)
No-Size-Fits-All! An Application-Down Approach for Your Cloud Transformation REGISTER >
"Today in my undergraduate security class, we set up a sniffer
so we could run Wireshark and Mallory to listen in on my Android
smartphone. This blog piece summarizes what we found.
* Google properly encrypts traffic to Gmail and Google Voice,
but they don't encrypt traffic to Google Calendar. An eavesdropper
can definitely see your calendar transactions and can likely
impersonate you to Google Calendar.
* Twitter does everything in the clear, but then your tweets
generally go out for all the world to see, so there isn't really a
privacy concern. Twitter uses OAuth signatures, which appear to
make it difficult for a third party to create forged tweets."