Jump to content

Don't Assume Wireless Hot Spots Are Secure.


Recommended Posts

Posted

this has always concerned me!

>>>>>>>>>>>>>>>>>>>

He had hacked into the coffee shop's wireless Internet connection on his Toshiba laptop. It took him all of about five minutes to do so, using free software available online.

Public Wi-Fi is very handy for perusing the Internet away from the office or home. Just remember that you may have company while surfing.

No one in the evening crowd at a Starbucks in Pasadena knew Humphrey Cheung.

But Cheung, quietly sipping hot chocolate and working on his laptop, knew things about them.

Several tables away was a guy sitting alone with his own laptop. "He's starting a business," Cheung said. And the young couple in the far corner? "They're getting married," he confided.

http://www.latimes.com/business/la-fi-cons...-home-headlines

>>>>>>>>>>>>

my impression is that a wireless connection is only as good as the security of the wireless network

& the coffee shop only wants everyone to have an easy connection.

Question:

a wireless network that requires a password is better???

Posted

As with ANY networking connection.. Its only as secure as YOU set up YOUR machine to be..

If you leave your machine with default shares and nop firewall.. Then plonk down on a public network..Whose fault is that ??

Setting up network security (WEP Key) will only secure people from joinign the network.. All those on it are still int he above position.

Posted

[Edit: Post overlapped] Not really. The password restriction on paid hotspots just stops people from using it without paying, it doesn't conceal the data flying around in the air.

The only thing that will prevent people seeing the data is encryption, and very few public access points do that. Those that do typically use one shared key for everyone.

If you are worried about security at public hotspots, things you can do are:

* Do not login to sites you consider sensitive unless they offer an encrypted connection (SSL).

* Install some VPN software like Hamachi. Use this to establish an encrypted tunnel out of the hotspot to another computer (like your desktop at home) which you consider to be safer, so you indirectly surf out through its internet connection (there are some paid web services that offer the same functionality, may be easier).

Posted

Pretty much nothing is absolutely secure. Everything is secure to a certain level, and with a certain level of determination, is insecure. Wireless hotspots are safe to a certain extent, just like your home phone and cell phone are safe to a certain extent. To think that they don't have security holes is a delusion. To think that you can't use wireless hotspots because they're unsafe is paranoia. You might as well live in total seclusion in a cave somewhere.

In other words, let's not take this made-to-be-sensational article (by the author of the article, not pumper) out of context. There have been similar reports on cell phones, the internet, your trash, your car, etc. etc. etc.

Posted
Pretty much nothing is absolutely secure. Everything is secure to a certain level, and with a certain level of determination, is insecure. Wireless hotspots are safe to a certain extent, just like your home phone and cell phone are safe to a certain extent. To think that they don't have security holes is a delusion. To think that you can't use wireless hotspots because they're unsafe is paranoia. You might as well live in total seclusion in a cave somewhere.

In other words, let's not take this made-to-be-sensational article (by the author of the article, not pumper) out of context. There have been similar reports on cell phones, the internet, your trash, your car, etc. etc. etc.

One thing is good to remember though: When you are using any wireless connection, you are basically using a radio which is broadcasting all information going in and out of the computer to the world.

Just be aware of that.

Only encrypted connections - to https:// websites - are safe.

You probably don't care if anyone knows which websites you are visiting at the moment, but your email is another matter. Make sure to set your email clients to use encrypted connections, most don't do that by default. Or use only webmail with https:// prefix, like:

https://mail.google.com

https://mail.yahoo.com etc

Posted
Only encrypted connections - to https:// websites - are safe.

Only as long as you are using your own computer, controlled by yourself. Use a borrowed computer, one in an internet cafe, or one that your employer provided to you and there is a good chance that it has been 'enhanced' with software that violates your privacy in ways that most people don't expect.

Posted

Anyone try the FREE Anchorfree hotspot shield?

I haven't had the opportunity to check it out yet as I haven't been "on the road" since first hearing about it. I would like to hear some reviews from our resident experts.

Hotspot Shield helps secure your computer, your anonymity and your online communications when using free wi-fi. Hotspot Shield...

* Ensures your computer remains anonymous and private when logged on to free wi-fi hotspots.

* Auto encrypts and protects inbound / outbound Internet traffic (email, instant messaging, VoIP calls, web surfing, etc.) as it's transmitted thru the air, using wi-fi.

* Thwarts wireless hackers keeping your personal data locked down while using an unsecured hotspot.

* Provides professional security and protection without expensive or complex requirements.

Posted

Incredible OP.

But okay, let's go along with the idea in the openingspost. Encryption on public WiFi. Because you don't want anyone to take a look at your data!

You come at a hotspot, turn on your computer and see a wireless network. Oh, it's protected, so in order to connect to it you need the secret key. So where do you get it.....on the prepaid card for the hotspot maybe? Nice, the secret is printed on all cards (so not really a secret anymore). But now you have it, all your wifi traffic is encrypted. By the way, the hacker bought a card as well and now uses the same key to decrypt your data.

A bit further sits another hacker. He's smarter because he didn't buy a card; it took him only 8 seconds to find the key.

But hey, encryption makes the customer feel safe. That same customer has no idea that the connection from his laptop to the server he's accessing, is encrypted for the first one hundred meters and unencrypted for the next fifteen thousand kilometers. And don't forget that Thailand's transparent proxy is able to see all data being passed through.

Security is your own responsibility, if you want encryption, use SSL like others (e.g. Nikster) stated before - that's the only end-to-end encryption you can trust. WEP encryption used to be safe and is now just an illusion. The same goes for WPA that relies on a shared secret (=static) - it's only safe if setup with a radius server and certificate server (=dynamic).

Question:

a wireless network that requires a password is better???

Answer:

no, it just adds the illusion of security

Posted

Depends on what you define as "better". Depends on what you really mean by the whole question. Are you asking a security pundit who wants to emphasize the lack of security in wireless networks, or are you asking the typical user who's asking whether he/she should set a password in his wireless network to prevent casual users from stealing his bandwidth. You'll get different answers, and none of the answers are absolutely correct. They may look really smart/wise/witty, but they're not correct. The solutions people say are "safe" (as in safer than the norm) aren't actually completely "safe". They're just "safer". You choose whatever level of safely applies to your application. Does the typical home user want to go through all the hassle of setting up a military-level safety net for his house? Of course not. Should a bank use a really lousy encryption-free network? Of course not. Should you push your own complicated safety standards on a clueless Joe? Of course not.

Look, folks, we can all try to look smart and say things like "your network is not secure". No network is secure, period. None. It's the result of being connected to other people. Once you're connected, you're vulnerable. The only truly secure computer is one that's locked in a vault buried in a unknown location a few thousand feet under the sea bed, with zero connections to the outside world. Can you actually use it? No. There's a difference between being "absolutely secure" and "actually practical". We may want to live in the "absolutely secure" world, and lament about not having it, but to be in that world would mean disconnecting yourself from everything.

It's a pointless argument, really.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...