Digital Spy

Search Digital Spy
 

DS Forums

 
 

using public wi-fi security issues?


Reply
Thread Tools Search this Thread
Old 21-03-2013, 15:44
DeelyBopper
Forum Member
 
Join Date: Feb 2009
Posts: 2,292

Do you happily sign onto public wi-fi such as mcdonalds and starbucks?

I'm cautious about security. If I need to rely on wi-fi for internet access apart from the obvious considerations like not doing banking etc, is it safe? Or should I really use some sort of paid vpn service for peace of mind?

Also, given a choice of using wi-fi or 3g, which is quickest? Always use wi-fi when available to save costs?
DeelyBopper is offline   Reply With Quote
Please sign in or register to remove this advertisement.
Old 21-03-2013, 15:51
soulboy77
Forum Member
 
Join Date: Jul 2005
Location: Herts
Posts: 14,563
As long as you have decent protection on your laptop then it shouldn't be a problem unless you do stupid things on line.
soulboy77 is offline   Reply With Quote
Old 21-03-2013, 15:57
DeelyBopper
Forum Member
 
Join Date: Feb 2009
Posts: 2,292
I usually use MSE.
DeelyBopper is offline   Reply With Quote
Old 21-03-2013, 16:03
chrisjr
Forum Member
 
Join Date: May 2004
Location: Reading
Posts: 22,304
The WiFi security you use at home only protects the WiFi link, it has zero effect on security out to the wider interweb. So it doesn't matter what, if any, security you use on the WiFi if the site you visit is infested with all sorts of malware or has been hacked to pieces to harvest sensitive data.

Not having any WiFi security might be a risk if someone is eavesdropping on the WiFi communication and sucking the relevant data out of that. Not sure I've ever heard of that being done though.

As for which is quicker, WiFi or 3G. How long is that piece of string? Impossible to answer.

It all depends on the speed of the connection to the internet that you are tapping into with the WiFi. That could be slower, equal to or faster than 3G. So neither is inherently faster or slower than the other.
chrisjr is online now   Reply With Quote
Old 21-03-2013, 16:03
Stig
Forum Member
 
Join Date: Sep 2003
Location: Sandy Heath, Beds, UK
Posts: 7,003
Do you happily sign onto public wi-fi such as mcdonalds and starbucks?

I'm cautious about security. If I need to rely on wi-fi for internet access apart from the obvious considerations like not doing banking etc, is it safe? Or should I really use some sort of paid vpn service for peace of mind?

Also, given a choice of using wi-fi or 3g, which is quickest? Always use wi-fi when available to save costs?
Online backing is encrypted using SSL, so actually it's safe.

How paranoid do you want to be? Unless you are sending your credit card and PIN number via an unencrypted email you will be fine.
Stig is online now   Reply With Quote
Old 21-03-2013, 16:08
flagpole
Inactive Member
 
Join Date: Jan 2003
Posts: 43,524
in public wifi all data packets sent can be clearly read by anyone else on the network. that is the first thing.

additionally you have no way of knowing that you are actually connected to the access point you think you are so traffic can be redirected. as in when you type hsbc.co.uk you could be sent anywhere.

however life is not so bad as that sounds.

all data packets that are encrypted with https are secure. even if they are read they will be meaningless. and that should cover the sensitive stuff. if your device has email for example you need to make sure that is encrypted too.

as for redirection. if you go to hsbc, or gmail or whatever once you get to the secure pages there will be a certificate issued for the encryption. you can see this on the left of your address bar. if that certificate checks out then there is very little chance that it is not hsbc.

what else could i do, well if i can redirect you i guess i could redirect any downloads you might try, any programs i mean, to something of mine that is nasty and you would think was the app you intended to download. i've never heard of this being done.

i'm sure those are not the only risks. but if you accept that any unencrypted data can be read. and check that sites that should be encrypted are. you should be ok.
flagpole is offline   Reply With Quote
Old 21-03-2013, 17:11
Robert_Crowther
Inactive Member
 
Join Date: Mar 2013
Posts: 2
You could always use a VPN
Robert_Crowther is offline   Reply With Quote
Old 21-03-2013, 17:20
cnbcwatcher
Forum Member
 
Join Date: Sep 2008
Location: At college, in L.A.'s office
Posts: 51,175
I often use public wifi but if I have to do anything that involves entering my credit card details or other private data then I'll wait until I'm at home or use a mobile dongle or my phone.
cnbcwatcher is offline Follow this poster on Twitter   Reply With Quote
Old 21-03-2013, 18:40
DeelyBopper
Forum Member
 
Join Date: Feb 2009
Posts: 2,292
You could always use a VPN
YOu're Back!!! Hooray.
DeelyBopper is offline   Reply With Quote
Old 21-03-2013, 18:50
tealady
Forum Member
 
Join Date: Apr 2005
Location: colchester
Posts: 11,011
You could always use a VPN
Really subtle new username.
tealady is online now   Reply With Quote
Old 21-03-2013, 19:14
DeelyBopper
Forum Member
 
Join Date: Feb 2009
Posts: 2,292
Online backing is encrypted using SSL, so actually it's safe.

How paranoid do you want to be? Unless you are sending your credit card and PIN number via an unencrypted email you will be fine.
I'm only slightly paranoid but do like to be safe.

I was asking out of safety rather than paranoia as I have no idea what I should be doing.

If the consensus is that most people do log into public wi-fi hotspots without worry then that's fine with me.

I'll just make sure that whatever I'm browsing is something I'd be happy to browse even if a stranger was sat next to me watching.

I'll leave the banking and jodhpursaresexy.com to when I'm safely tethered using 3g.

Is using a vpn overkill then?
DeelyBopper is offline   Reply With Quote
Old 21-03-2013, 19:18
Stig
Forum Member
 
Join Date: Sep 2003
Location: Sandy Heath, Beds, UK
Posts: 7,003
YOu're Back!!! Hooray.
But not back for long. Such arrogance...
Stig is online now   Reply With Quote
Old 21-03-2013, 19:21
chrisjr
Forum Member
 
Join Date: May 2004
Location: Reading
Posts: 22,304
Banking uses (or should use) secure encryption. This is applied by your laptop to the data it exchanges with the internet. So even is someone was snooping on your WiFi link what they receive would be useless to them.

So your biggest danger could be someone peering over your shoulder memorising what you type. Or a keylogger secretly installed on your machine that records everything you type. That would get round any form of WiFi security or using a 3G dongle.
chrisjr is online now   Reply With Quote
Old 21-03-2013, 20:04
flagpole
Inactive Member
 
Join Date: Jan 2003
Posts: 43,524
Banking uses (or should use) secure encryption. This is applied by your laptop to the data it exchanges with the internet. So even is someone was snooping on your WiFi link what they receive would be useless to them.

So your biggest danger could be someone peering over your shoulder memorising what you type. Or a keylogger secretly installed on your machine that records everything you type. That would get round any form of WiFi security or using a 3G dongle.
Like I said in post #6 it is possible for someone to set up an access point called something like McDonalds.WiFi that will just relay traffic unless you got to a secure site of some sort when it would redirect to it's own version of the page and capture your login.
flagpole is offline   Reply With Quote
Old 21-03-2013, 20:59
ibatten
Forum Member
 
Join Date: Jan 2004
Location: Birmingham
Posts: 309
Like I said in post #6 it is possible for someone to set up an access point called something like McDonalds.WiFi that will just relay traffic unless you got to a secure site of some sort when it would redirect to it's own version of the page and capture your login.
But then the certificate checking would fail. A really, really skilled attacker would have obtained a certificate for hsbc.co.uk or whatever from a certificate authority who was (a) solid enough to be included in the list of root CAs and (b) flakey enough to issue such a certificate to a random bystander. There are a proposals to deal with that scenario (certificate pinning and the like). But an attacker with the capability to do that wouldn't be wasting their time doing it for small WiFi networks, they would be making millions much deeper into the network.
ibatten is offline   Reply With Quote
Old 21-03-2013, 21:18
flagpole
Inactive Member
 
Join Date: Jan 2003
Posts: 43,524
But then the certificate checking would fail. A really, really skilled attacker would have obtained a certificate for hsbc.co.uk or whatever from a certificate authority who was (a) solid enough to be included in the list of root CAs and (b) flakey enough to issue such a certificate to a random bystander. There are a proposals to deal with that scenario (certificate pinning and the like). But an attacker with the capability to do that wouldn't be wasting their time doing it for small WiFi networks, they would be making millions much deeper into the network.
You just don't encrypt it. Your custom access point grabs the encrypted page. Pushes an identical page with the correct domain in the browser because you're using a custom DNS server. Hardly anyone checks that a page is actually encrypted. They just assume it will be.

You use the actual access point for the real bandwidth. No special skills required, just download the tool.
flagpole is offline   Reply With Quote
Old 21-03-2013, 21:51
Matt D
Forum Member
 
Join Date: Jun 2007
Location: Cambridge
Posts: 11,418
Like I said in post #6 it is possible for someone to set up an access point called something like McDonalds.WiFi that will just relay traffic unless you got to a secure site of some sort when it would redirect to it's own version of the page and capture your login.
IIRC there was a TV show that demonstrated this a few years ago..."The Real Hustle"? They set up a fake WiFi hotspot in an airport and waited to see how many people fell for it...
Matt D is offline Follow this poster on Twitter   Reply With Quote
Old 22-03-2013, 07:57
DeelyBopper
Forum Member
 
Join Date: Feb 2009
Posts: 2,292
IIRC there was a TV show that demonstrated this a few years ago..."The Real Hustle"? They set up a fake WiFi hotspot in an airport and waited to see how many people fell for it...
Good show, shame she went down the route of plastic surgery and tattoos, but each to their own!
DeelyBopper is offline   Reply With Quote
Old 22-03-2013, 08:25
flagpole
Inactive Member
 
Join Date: Jan 2003
Posts: 43,524
Good show, shame she went down the route of plastic surgery and tattoos, but each to their own!
if you look hard enough there are pictures of her with her bat out from before that.
flagpole is offline   Reply With Quote
Old 22-03-2013, 09:17
DeelyBopper
Forum Member
 
Join Date: Feb 2009
Posts: 2,292
if you look hard enough there are pictures of her with her bat out from before that.
I'm afraid to ask, bat?
DeelyBopper is offline   Reply With Quote
Old 22-03-2013, 09:32
RobinOfLoxley
Forum Member
 
Join Date: May 2009
Location: Devon
Posts: 6,725
The first few articles here are pretty comprehensive and understandable.

https://www.google.co.uk/search?pws=...+wifi+securely
RobinOfLoxley is offline   Reply With Quote
Old 22-03-2013, 09:47
flagpole
Inactive Member
 
Join Date: Jan 2003
Posts: 43,524
I'm afraid to ask, bat?
when seeking euphemisms for lady parts i just insert any noun.
flagpole is offline   Reply With Quote
Old 22-03-2013, 09:59
DeelyBopper
Forum Member
 
Join Date: Feb 2009
Posts: 2,292
The first few articles here are pretty comprehensive and understandable.

https://www.google.co.uk/search?pws=...+wifi+securely
Thanks and to everyone else that has taken time out to post. I'll do some more reading.

when seeking euphemisms for lady parts i just insert any noun.
I feel the urge to look for said bat pics.

So far as Wi-Fi is concerned I think I'm going to use 3g as much as possible and only use wifi when absolutely necessary.

I had an image of me using a netbook in McD's / Starbucks / library but I think the reality is I prolly won't need to so long as I can get online properly once a day. Which I'll be able to do where I'm based.
DeelyBopper is offline   Reply With Quote
Old 22-03-2013, 10:59
ibatten
Forum Member
 
Join Date: Jan 2004
Location: Birmingham
Posts: 309
You just don't encrypt it. Your custom access point grabs the encrypted page. Pushes an identical page with the correct domain in the browser because you're using a custom DNS server. Hardly anyone checks that a page is actually encrypted. They just assume it will be.
Sorry, could you run that by me again? Client attempts to connect to https://foo.bar, on port 443, using SSL. What happens next? Before the man in the middle can send any data, it has to present a certificate, as otherwise the SSL negotiation will fail. What does it do at that point? Be as technical as you like. Because if what you say is possible, SSL is completely broken, and it would be a very important result that should be in the literature.
ibatten is offline   Reply With Quote
Old 22-03-2013, 11:39
flagpole
Inactive Member
 
Join Date: Jan 2003
Posts: 43,524
Sorry, could you run that by me again? Client attempts to connect to https://foo.bar, on port 443, using SSL. What happens next? Before the man in the middle can send any data, it has to present a certificate, as otherwise the SSL negotiation will fail. What does it do at that point? Be as technical as you like. Because if what you say is possible, SSL is completely broken, and it would be a very important result that should be in the literature.
the ssl is never engaged to the end client. only between the MitM and the real server.

the man in the middle see the request for https://foo.bar, or more likely a lookup on foo.bar and redirects it locally. the MitM retrieves https://foo.bar itself. and represents it to the end user with a redirect as http://foo.bar the process continues around foo.bar

why is that hard?
flagpole is offline   Reply With Quote
 
Reply



Thread Tools Search this Thread
Search this Thread:

Advanced Search

 
Forum Jump


All times are GMT. The time now is 21:37.