
After using Firefox's HTTPS only mode I have noticed that quite disturbingly a lot of these auto-injected tracking links redirect through HTTP. I have seen nearly a dozen websites that have this for password reset links.

It makes me wonder if it could be a viable attack to set up a WiFi hotspot, block login attempts so that some users think that they forgot their password (the error won't be right, but many users may try resetting their password anyways). Then you just intercept the HTTP tracking link and reset their password for them. Now you have stolen their account.

Of course you could just do this passively but prompting it by trying to fail login attempts would get you more hits.
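An operator-side check for the problem this comment raises, added here as an example and not part of the original post: a small Python audit that follows the redirect chain behind a password-reset link one hop at a time (automatic redirects are disabled so nothing is hidden) and flags any hop served over plain `http://`, any `https` to `http` downgrade, redirect loops and over-long chains. The `live_fetch` helper does real HEAD requests; the `CONSTRUCTED_CHAIN` table and the `example-mailer.test` / `example.test` hostnames are made-up inputs standing in for a tracking redirector, so the script runs offline.

```python
"""Audit a redirect chain for plaintext-HTTP hops.

Added example (not from the HN thread). Follows Location headers manually,
with automatic redirects switched off, so every intermediate hop is visible
and any hop that uses http:// can be reported.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import urljoin, urlsplit
import urllib.error
import urllib.request

MAX_HOPS = 10
REDIRECT_CODES = (301, 302, 303, 307, 308)

# A fetcher returns (status_code, Location header or None) for one URL.
Fetcher = Callable[[str], Tuple[int, Optional[str]]]


@dataclass
class ChainReport:
    hops: List[str] = field(default_factory=list)
    plaintext_hops: List[str] = field(default_factory=list)      # hops not on https
    downgrades: List[Tuple[str, str]] = field(default_factory=list)  # (https hop, http hop)
    error: Optional[str] = None                                   # loop / too many hops

    @property
    def safe(self) -> bool:
        return self.error is None and not self.plaintext_hops


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse to follow redirects so each 3xx surfaces as an HTTPError we inspect."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def live_fetch(url: str) -> Tuple[int, Optional[str]]:
    """Real network fetcher: HEAD request, one hop, no redirect following."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(req, timeout=10) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as e:  # 3xx/4xx/5xx land here with _NoRedirect
        return e.code, e.headers.get("Location")


def audit_chain(start_url: str, fetch: Fetcher = live_fetch,
                max_hops: int = MAX_HOPS) -> ChainReport:
    """Walk the redirect chain from start_url and record every hop."""
    report = ChainReport()
    url = start_url
    seen = set()
    for _ in range(max_hops):
        if url in seen:
            report.error = f"redirect loop at {url}"
            return report
        seen.add(url)
        report.hops.append(url)
        scheme = urlsplit(url).scheme.lower()
        if scheme != "https":
            report.plaintext_hops.append(url)
        if len(report.hops) >= 2:
            prev_scheme = urlsplit(report.hops[-2]).scheme.lower()
            if prev_scheme == "https" and scheme == "http":
                report.downgrades.append((report.hops[-2], url))
        status, location = fetch(url)
        if status not in REDIRECT_CODES or not location:
            return report  # final destination reached
        url = urljoin(url, location)  # Location may be relative
    report.error = f"more than {max_hops} hops"
    return report


# Constructed sample chain: an HTTPS tracking link that bounces through a
# plaintext redirector before landing on the HTTPS reset page. Hostnames
# and token are invented placeholders.
CONSTRUCTED_CHAIN: Dict[str, Tuple[int, Optional[str]]] = {
    "https://click.example-mailer.test/c/abc123": (302, "http://t.example-mailer.test/r?u=xyz"),
    "http://t.example-mailer.test/r?u=xyz": (302, "https://app.example.test/reset?token=PLACEHOLDER"),
    "https://app.example.test/reset?token=PLACEHOLDER": (200, None),
}


def fake_fetch(url: str) -> Tuple[int, Optional[str]]:
    """Offline fetcher backed by the constructed chain."""
    return CONSTRUCTED_CHAIN.get(url, (404, None))


def audit_constructed() -> ChainReport:
    return audit_chain("https://click.example-mailer.test/c/abc123", fetch=fake_fetch)


if __name__ == "__main__":
    r = audit_constructed()
    for i, hop in enumerate(r.hops):
        flag = "  <-- plaintext" if hop in r.plaintext_hops else ""
        print(f"{i}: {hop}{flag}")
    print("safe" if r.safe else f"UNSAFE: {len(r.plaintext_hops)} plaintext hop(s), {len(r.downgrades)} downgrade(s)")
```

To audit real reset mail, paste the link from a test account's email into `audit_chain(url)` with the default `live_fetch`; a clean result has every hop on `https` and no downgrades. The check is deliberately run against one's own mail flow, since the fix (having the mailer's click-tracking domain serve HTTPS and redirect over HTTPS end to end, or disabling link tracking for reset mail) sits on the site operator's side.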
