McDonald's WiFI login: The info on entered on this page will be sent over insecure channel
When I log in the the WiFi at McDonald's, get the login page by first trying to a URL without HTTPS, e.g., http://www.google.ca. I'm guessing that the access point intercepts this and sends to the an HTTP login page. I get a button to "Connect", which I press, but then Firefox presents me with the warning that the info entered on the page will be sent over an insecure channel.
I *assumed* that *only* the clicking of the "Connect" button will be sent. I don't know exactly how it all works, but I assume that at some point, some kind of key info is needed to use the access point, and that any subsequent https links I establish with, say, gmail, will be an added layer of encryption on top of that. Consequently, I assume that I don't have to worry about the message. Is this a somewhat reasonable way of understanding the due diligence required, if not the security schemes themselves?
All Replies (6)
Yes, this is a new security feature that warns you if there is a password field on an open HTTP page. In Firefox 52 a doorhanger will open if you type in the name or password field on such a HTTP page. You can proceed on your own risk and possibly try if you can change HTTP to HTTPS in the location/address bar.
As far as I know, there was no password field on that page. You only click the button to Connect. My question was whether I can trust that subsequent https links can be trusted. Like I said, I'm not a security guy, but I've read of man-in-middle attacks. Not sure if this would open one up for that. I don't want to compromise by gmail account (or any other account, for that matter).
Sometimes on web pages, the user/password are hidden until the user chooses to login.
Understood. However, this is a McDonald's WiFi login. The user never supplies a username and/or password. There is just a single button to connect.
Many site issues can be caused by corrupt cookies or cache.
- Clear the Cache and
- Remove Cookies
Warning ! ! This will log you out of sites you're logged in to.
Type about:preferences<Enter> in the address bar.
- Cookies; Select Privacy. Under History, select Firefox will Use Custom Settings. Press the button on the right side called Show Cookies. Use the search bar to look for the site. Note; There may be more than one entry. Remove All of them.
- Cache; Select Advanced > Network. Across from Cached Web Content, Press Clear Now.
If there is still a problem, Start Firefox in Safe Mode {web link} A small dialog should appear. Click Start In Safe Mode (not Refresh). While you are in safe mode;
Type about:preferences#advanced<Enter> in the address bar.
Under Advanced, Select General. Look for and turn off Use Hardware Acceleration.
Poke around safe websites. Are there any problems?
Then restart.
Thanks, FredMcD. I will save your instructions on the computer of interest because at the time I experience the problem, I won't have access to it without getting past the WiFi issue.