Re: easy to perform
>1. A hacker sits in a cafe with a laptop, and injects an IFRAME into some plaintext HTTP data flowing through the airwaves.
Well the use of a public WiFi hotspot as an example is obvious as they don't typically use WiFi encryption. However, as most traffic isn't encrypted as it crosses the wider internet (and that includes traffic that gets encrypted to traverse a WiFi connection), the attack can be made anywhere, which re-opens the whole can-of-worms around the NSA etc.
Biting the hand that feeds IT
