Last summer I had the chance to visit Bologna, Italy, and I was happy to see that there is free wifi service in the airport. I probably had to be suspicious from the beginning, but it all started to be strange for me, when I saw this “welcome” page in the browser after connecting:
According to the message, the site’s security certificate is “a bit” invalid. Actually it could be more invalid only if it were already revoked.
If you decide to continue you will see this website of the airport:
Really original design. Right, Bologna is not a huge metropolis, but I’m pretty sure it would be easy to find a student of the local university, who could click together a prettier website during a weekend.
This page made me curious and I could quickly find out, that the website has nothing to do with accessing the public internet.
There are many unusual and suspicious aspects here:
- IP address
- Phone number collection
This was the moment when I stood up and started to look for Troy Hunt and his Pineapple 🙂
Most of these concerns of me could be swept away with a single valid SSL certificate. But these invalid certificates do not guarantee anything, except nervous average users and pro users who are worrying about the security of their data.
If you do HTTPS, please do it correctly. Or don’t do it at all. Don’t try.