Cruisers Forum
 


Join CruisersForum Today

Reply
 
Thread Tools Rate Thread Display Modes
Old 03-09-2013, 11:20   #46
Registered User

Join Date: Mar 2013
Boat: 45' CC ketch
Posts: 332
Re: Can we dispel this WiFi myth?

I think properly exectuted banking system can be accessed from even the most compromized and sniffed network, without worries. OK, they get my session password, what next? It is one time only. To transfer funds I need to verify by entering code from SMS, or use more one time passwords. The sensitive info expires before it can be used by bad guys (if the banking system is properly built, of course). I think that sniffing of your mail login/password pair is more dangerous because it can be used to access specific info that can be used to social engineer you and YOU will willingly transfer them the money
__________________

__________________
Sea Frog is offline   Reply With Quote
Old 03-09-2013, 11:59   #47
Registered User

Join Date: May 2012
Location: Central California
Boat: Catalina 30
Posts: 873
Re: Can we dispel this WiFi myth?

o_q:

Thanks for that, but upon googling VPN
I'm now more confused than ever. After
spending time looking at just one VPN
provider site (AT&T), the choices are
mindboggling. And there's no reference
to cost. Would it be $1/month? or $1000/
month? Does one need new hardware?

My guess is that the posters on this
thread that are using the acronyms
already understand what they need
to do. Those of us who don't, well,
we're the ones who are screwed.
__________________

__________________
Bill
...........................................
You can't buy happiness, but you can buy ribeye.
jongleur is offline   Reply With Quote
Old 03-09-2013, 12:21   #48
Registered User
 
Liltttzr's Avatar

Join Date: Nov 2011
Location: Pa
Boat: Made offer on a Regal
Posts: 68
Re: Can we dispel this WiFi myth?

Quote:
Originally Posted by o_q View Post
What this sounds like to me is that he knows at least how to sniff packets, and he reads websites like metasploit. However, this is besides the point, and means nothing if the bottom line is that your VPN traffic is encrypted. Going on about the possibilities of what hackers can do, comes off as someone whose intention is to scare you. Did he specifically say that VPNs aren't secure? Or did he just show you that he caught a packet while you were using VPN, and you assumed it wasn't safe?
o-q "metasploit"??? lost me on that one. Maybe he is just trying to scare me. Could not answer that one "little one would probally love getting one over on dad. But about the VPN, I have to use Cisco anyconnect to VPN into the corp from remote sites and thought our net work was secure. So he had me log in and was able to show me exactly what I sent into HQ. Like I said, I do not know. I was just giving answer to the OP because my son showed me this and it was in person. You seem to have much more of a working knowlage of these things than I. I do wish I had more workings with the software and hardware end of these things. But maybe after retirement. No use for WIFI under ground in the dirt. Only when I come out do I have to do expences and reports with e-mail..
__________________
Life is a adventure... Just pull up the anchor
Liltttzr is offline   Reply With Quote
Old 03-09-2013, 12:39   #49
Wayfaring Mariner
 
captain58sailin's Avatar

Cruisers Forum Supporter

Join Date: Mar 2009
Location: Homer, AK is my home port
Boat: Skookum 53'
Posts: 4,045
Images: 5
Re: Can we dispel this WiFi myth?

I signed up with "Strong VPN" the cost was 55 USD per annum. The one I had before was 195 so the price is coming down. Considering what is at stake, it seems a small price to pay.
__________________
" Wisdom; is your reward for surviving your mistakes"
captain58sailin is offline   Reply With Quote
Old 03-09-2013, 12:46   #50
Registered User
 
nimblemotors's Avatar

Join Date: Apr 2011
Location: Sacramento, California
Boat: Solar 40ft Cat :)
Posts: 1,557
Re: Can we dispel this WiFi myth?

You don't need a VPN (Virtual Private Network) for secure banking.
All banks have only secured, encrypted HTTPS web access.
The data from your computer to the bank computer is encrypted before it leaves your computer, so the wireless system is not relevant.

What someone can find out by sniffing the wireless data (which is trivial to do),
is seeing what websites you are visiting, including which bank you use.
So it is more a privacy issue than a security issue.
__________________
JackB
MiniMPPT Solar Controller
nimblemotors is offline   Reply With Quote
Old 03-09-2013, 12:57   #51
Registered User

Join Date: Jul 2013
Location: Usually South Florida these days
Posts: 825
Re: Can we dispel this WiFi myth?

When I lived in Phoenix, the 16 year old kid next door broke the 128-bit WEP encryption on my WiFi & leached off of my connection for a few months. I never had any bank info on my computer there, so there was really not much for anyone to steal. The worst thing that he could have gotten was the passwords to my e-mail accounts.

I stopped doing internet banking after my account number & password got stolen when I used a computer in a hotel that I was staying at.

WiFi is not secure. Google has admitted publicly that they have "accidentally" collected a great many passwords in their roaming data collection vans. They've been fined for it too. This is just one example. Google hit by $7M fine for wifi snooping Street View cars that intercepted emails | Mail Online
__________________
pbiJim is offline   Reply With Quote
Old 03-09-2013, 14:06   #52
Registered User

Join Date: Jul 2013
Posts: 6
Re: Can we dispel this WiFi myth?

WEP encryption was broken years ago and is extremely easy to get into.
WPA has also been broken and almost as easy to get into.
It's just an extra layer. As long as the connection is encrypted with ssl/https you are pretty safe. (never 100%, https is under fire for being insecure now too)
Using a strange computer you do not know is risky. They likely got your information because they had a keylogger running.
Wifi is much more secure.
__________________
az_r2d1 is offline   Reply With Quote
Old 03-09-2013, 15:01   #53
Nearly an old salt
 
goboatingnow's Avatar

Cruisers Forum Supporter

Join Date: Jun 2009
Posts: 13,649
Images: 3
Re: Can we dispel this WiFi myth?

Quote:
When I lived in Phoenix, the 16 year old kid next door broke the 128-bit WEP encryption on my WiFi & leached off of my connection for a few months. I never had any bank info on my computer there, so there was really not much for anyone to steal. The worst thing that he could have gotten was the passwords to my e-mail accounts.

I stopped doing internet banking after my account number & password got stolen when I used a computer in a hotel that I was staying at.

WiFi is not secure. Google has admitted publicly that they have "accidentally" collected a great many passwords in their roaming data collection vans. They've been fined for it too. This is just one example. Google hit by $7M fine for wifi snooping Street View cars that intercepted emails | Mail Online
128 bit WEP has been broken for years , none with any sense is using it.

remember secure Wifi is just encrypted wifi. any one with the key can decrypt it . its not "secure" many such encryptions can be hacked, but some take a lot of horsepower and persistence

Google only collected data from open wifi networkd, not those "secured"

in my view HTTPS ( i.e. TLS) is as secure as a VPN, using a VPN and HTTPS is in effect merely duplicating things. most VPNS use SSL ( TLS) in essence HTTPS is a VPN.

dave
__________________
Check out my new blog on smart boat technology, networking and gadgets for the connected sailor! - http://smartboats.tumblr.com
goboatingnow is offline   Reply With Quote
Old 03-09-2013, 16:21   #54
Registered User
 
svseachange's Avatar

Join Date: Aug 2012
Location: East Coast of Australia
Boat: Custom Steel 43 ft
Posts: 781
Quote:
Originally Posted by goboatingnow View Post
my view HTTPS ( i.e. TLS) is as secure as a VPN, using a VPN and HTTPS is in effect merely duplicating things. most VPNS use SSL ( TLS) in essence HTTPS is a VPN.
Exactly. Most VPNs rely on SSL for encryption. For this reason there is no practical difference in security in security between a browsers SSL connection and a VPN connection.

I use VPNs for work to connect to a private networks. This just makes it easier to securelt work on remote networks and has little practical application for most cruisers.

Rebel Heart brings up an interesting point about some geographical areas being blocked. A VPN is one way of getting around this. Another way would be to get a cheap demand EC2 instance from Amazon for these occasional transactions.

For regular stuff, you are safe as houses making sure you are using HTTPS (SSL) connections.

Open WiFi is fine. Just make sure you only pass sensitive data over https (and never over http). Use your own laptop and never, ever enter anything sensitive on public computers in marinas or Internet cafes
__________________
svseachange is offline   Reply With Quote
Old 03-09-2013, 16:27   #55
Registered User
 
KneesintheBreez's Avatar

Join Date: Sep 2013
Location: SF Bay Area
Boat: Looking to buy
Posts: 6
Re: Can we dispel this WiFi myth?

What i do is use only one account for purchases -- one card. I keep a low balance in it to assuage just such fears. That way, my potential loss is limited to a certain "low" amount. Then, I monitor the activity in the account for anything "suspicious,"and (usually) finding nothing, I replenish the "active account" as necessary, over the phone (landline). My other, "real money-containing," accounts specifically have no cards or checks assigned, so nothing to steal. And, you are protected from credit card fraudulent activity for 30 days (review your statements! Not so with ATM/Debit charges, and if they get those numbers, you are liable for ALL fraudulent activity! AND, ALWAYS carry a gun. Sure, get a permit. Make them think twice!
__________________
KneesintheBreez is offline   Reply With Quote
Old 03-09-2013, 16:32   #56
Registered User

Join Date: Jul 2013
Location: Usually South Florida these days
Posts: 825
Re: Can we dispel this WiFi myth?

Quote:
Originally Posted by goboatingnow View Post
128 bit WEP has been broken for years , none with any sense is using it.
I used WEP when I lived in Phoenix. At the time, it was the current technology.

According to my local news reports, the Google vans are able to break higher end encryption as well these days.

I don't study cracking. I'm not up to date on all the details.
__________________
pbiJim is offline   Reply With Quote
Old 03-09-2013, 16:36   #57
Nearly an old salt
 
goboatingnow's Avatar

Cruisers Forum Supporter

Join Date: Jun 2009
Posts: 13,649
Images: 3
Re: Can we dispel this WiFi myth?

Quote:
ed WEP when I lived in Phoenix. At the time, it was the current technology.

According to my local news reports, the Google vans are able to break higher end encryption as well these days.
I have friends who drive the Google cars. They only picked up open wifi networks. Mind you despite Google saying it was "accidental", the cars are fitted with servers with terabytes of storage. !!!!.

And this is a company scanning gmail usage.

Google "do no good" if you ask me.

dave
__________________
Check out my new blog on smart boat technology, networking and gadgets for the connected sailor! - http://smartboats.tumblr.com
goboatingnow is offline   Reply With Quote
Old 03-09-2013, 16:46   #58
Registered User

Join Date: Jul 2013
Location: Usually South Florida these days
Posts: 825
Re: Can we dispel this WiFi myth?

Quote:
Originally Posted by goboatingnow View Post
Google "do no good" if you ask me.

dave
I concur.

But that aside, If Google is able to collect so much data from WiFi systems, then it is only logical to assume that others can do it as well.
__________________
pbiJim is offline   Reply With Quote
Old 03-09-2013, 16:49   #59
Nearly an old salt
 
goboatingnow's Avatar

Cruisers Forum Supporter

Join Date: Jun 2009
Posts: 13,649
Images: 3
Re: Can we dispel this WiFi myth?

Quote:
Originally Posted by pbiJim View Post
I concur.

But that aside, If Google is able to collect so much data from WiFi systems, then it is only logical to assume that others can do it as well.
google was exposed in Germany , under very strict data privacy laws doing "war driving". and yes anyone can do it. Ive done it myself. if you run an open network , it is by definition "open"

dave
__________________
Check out my new blog on smart boat technology, networking and gadgets for the connected sailor! - http://smartboats.tumblr.com
goboatingnow is offline   Reply With Quote
Old 03-09-2013, 18:13   #60
Senior Cruiser
 
colemj's Avatar

Cruisers Forum Supporter

Join Date: Oct 2005
Location: Presently on US East Coast
Boat: Manta 40 "Reach"
Posts: 10,049
Images: 12
Re: Can we dispel this WiFi myth?

Quote:
Originally Posted by goboatingnow View Post
Mind you despite Google saying it was "accidental", the cars are fitted with servers with terabytes of storage. !!!!.
Our TV has 2TB of storage and I am currently carrying 4TB of storage in my pants pocket (no, I am not happy to see you - I just happened to put two drives in my pocket to take them to my computer bag), so it doesn't seem unusual to me for a google car to have this amount given that they are taking high res pictures.

Mark
__________________

__________________
www.svreach.com

You do not need a parachute to skydive. You only need a parachute to skydive twice.
colemj is offline   Reply With Quote
Reply

Tags
paracelle

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off




Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -7. The time now is 23:33.


Google+
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Social Knowledge Networks
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.

ShowCase vBulletin Plugins by Drive Thru Online, Inc.