Unsecured WiFi

Discussion in 'privacy general' started by JerryM, Oct 30, 2009.

Thread Status:
Not open for further replies.
  1. JerryM
    Offline

    JerryM Registered Member

    My own wireless set up is secured, but I recently was in a motel whose wireless was not secured.

    I was wondering how malware or one stealing passwords would get into the unsecured wireless and steal passwords, etc. The sites one visits, such as ebay, have secured sign in.

    What are the risks incurred by using an unsecured WIFi as far as malware on your computer, and losing passwords to secured sites?
    Thanks.

    Regards,
    Jerry
  2. Ade 1
    Offline

    Ade 1 Registered Member

    Hey there.

    Here in the UK we have a tv programme called Watchdog. Last night they were looking at wi-fi hotspots which are unsecured wireless networks available at places like cafes, trains, fast food outlets which can be used by members of the public. They got an unidentified male who apparently works to help fight cyber crime (hence keeping his identity anonymous) but in this instance he managed to access a number of laptops used by the consumers on unsecured wi-fi hotspots as they, for example, checked their hotmail accounts. Once they logged in, he was able to block them from logging out as well as check all their emails (inc. any bank details, transactions made) and also send emails from their accounts. He was able to watch everything they were doing on his own laptop so if they made a purchase by entering their credit card details he would be able to note them down. It was truly scary stuff!

    Their are 3 main ISPs who provide wi-fi hotspots in the uk and apparently in order to help prevent this type of fraud they offer users to download VPN software. The main point made is that this software is not sufficiently advertised by these ISPs so that the average Joe doesn't know anything about it. Apparently they're going to make users more aware of it in the future.
  3. JerryM
    Offline

    JerryM Registered Member

    Thanks Ade 1,

    I guess what helps some is the number of users vs the number of hackers. I was careful not to log in to my financial sites, but did for a few minutes use ebay.
    I am surprised that those who provide WiFi to their guests do not always use security.

    Regards,
    Jerry
  4. duk
    Offline

    duk Registered Member

    The major problem for an unprotected wireless network is not exactly a virus infection or malwares.

    It is the fact that the attacker can easily capture passwords or sensitive data that is in plain text on network traffic, without invading your computer or install any malware, just sniffing your internet connection. But the most critical is the sophisticated man-in-the-middle attacks where the attacker can even hijack your SSL session and capture your data in secure HTTPS sites.

    It also has other attacks such as DNS poisoning, which can redirect the wireless user to any fake website, thinking that the real website.
  5. Meriadoc
    Offline

    Meriadoc Registered Member

    You wouldn't (every day user) believe how easy it is. With a little knowledge, right tool, someone can easily compromise you when accessing your private information through unsecured wifi.

    vpn:thumb:
  6. aigle
    Offline

    aigle Registered Member

    Even with a FW?
  7. funkydude
    Offline

    funkydude Registered Member

    Firewalls don't encrypt data. It can easily be sniffed in transit between your PC and the router.
  8. philby
    Offline

    philby Registered Member

    As duk says:
    I've been concerned about the same thing lately, as I've had to use hotspots a couple of times and have therefore started to look at VPN options. After much experimentation with Hotspotshield, UltraVPN and some others, I settled for Cyberghost as it was the one free option that wasn't rocket science to configure (OpenVPN was too much), didn't slow my browser to a crawl or throw up ads. every new page.

    I have no idea about whether this is really effective though as hitherto I've been a simple 'behind a secured NAT router' type person like the OP.

    I tested it last night and my IP was 'hidden' or at least 'shown as different', according to 'Whatsmyip'. I also checked for any weird behaviour using TCPView (nothing obvious) but I'm still not sure about:

    -what could happen between connecting to the wireless hotspot and the VPN becoming active (Cyberghost took about 30 seconds to connect).

    -whether the VPN is truly bullet-proof

    -what happens to the data at the 'secure' server (apparently in Germany). Is it really wise to tunnel data via a possibly suspect route just to protect from possible sidejacking?

    Perhaps one of the big-hitters here might know more about Cyberghost and the efficacy of other simple VPN solutions for the occasional, non-corporate, reluctant hotspotter.

    philby
    Last edited: Oct 31, 2009
  9. midway40
    Offline

    midway40 Registered Member

    Some sites, such as my bank, will not let me log in when they detect that my connection is not secured. I was trying to log in at work using an unsecured hotspot that is across the street and they denied my log in "for your security". Once I got the SSID and password for my company's wifi I was able to log in to my account.

    All financial sites should do this. This may be an inconvience at times but better safe than sorry.
  10. LockBox
    Offline

    LockBox Registered Member

    Find a good solid VPN with a good reputation and develop a relationship with them. What you have then is basically an ISP that you take with you and trust wherever you go. When using a VPN for this purpose and not necessarily for privacy or anonymity you can feel secure in the knowledge that your data is as safe as if it were going through your ISP at home.

    I think it's very important for that VPN provider to use OpenVPN-based technology.
  11. marix
    Offline

    marix Registered Member

    Hello, duk wrote they hijack ssl connections. So it means they can hijack ssh session too? On those hotstops me using ssh tunnel to secure provider i got. So this my method is unsecure too? Me using aes-256 client-server encryption.
Thread Status:
Not open for further replies.