Cruisers Forum
 


Join CruisersForum Today

Reply
 
Thread Tools Rate Thread Display Modes
Old 12-09-2013, 22:37   #91
Registered User
 
zboss's Avatar

Join Date: Sep 2011
Location: On a boat
Boat: Cabo Rico 38
Posts: 3,426
Re: Can we dispel this WiFi myth?

Quote:
Originally Posted by mr-canada View Post
Of course... You could always just take my suggestion and use your phone's data plan and skip past the 98% of would be identity theives who can't afford all the gear and antennae to snort that type of traffic (hideously expensive)
Now THAT is true.

When I was in Africa, pretty much all banking is done by mobile phone. You send someone money by phone and then call them with the unlock code. You go to their version of a western union, and give them your phone and the code and they hand you the money.

The phone alone or the code alone does you no good.
__________________

__________________
zboss is offline   Reply With Quote
Old 12-09-2013, 22:52   #92
֍֎֍֎֍֎֍֎֍֎

Cruisers Forum Supporter

Join Date: Apr 2006
Posts: 13,056
Re: Can we dispel this WiFi myth?

"Does anyone have a first hand example of their bank details being stolen over an unsecured wifi connection and then funds being withdrawn from their account????"

There have been any number of reports of massive thefts and frauds against major retailers (offhand I think Home Depot was one) going back around 5? 8? years ago. Folks would just pull up in the parking lot, skim the credit card information from the unsecured internal wifi networks in the stores, and have a field day. So yes, commercial organized theft of data from unsecured Wifi is common, or has been.

Which is also why WEP has been obsoleted, it was at least five years ago that tools to crack WEP in under five minutes were published.

If you can pick a public location where folks use free WiFi, the odds are someone was, is, or will be sniffing for information.

Now, if you are using only HTTPS secured web pages, or you are using some other "end to end" security scheme like a VPN, you can probably use unsecured wifi without any risk because--by definition--you have now secured it.

The easy alternative used to be using a cellular connection, but as was proven at one of the hacker conventions this year, all it takes is a $300 picocell (now commonly sold as home cell boosters) and a little work, and you can capture and decrypt any cellular connection in the immediate area as well.

There are plenty of white papers online. Security is only necessary if you have something to lose. Or if you use one same username and password in multiple places, which led to weeks in hell for one of the authors at Wired after he got hacked by social engineering, and the clever hackers went to likely places and chased down his other accounts.
__________________

__________________
hellosailor is offline   Reply With Quote
Old 12-09-2013, 23:00   #93
Do… or do not
 
s/v Jedi's Avatar

Cruisers Forum Supporter

Join Date: Feb 2009
Location: in paradise
Boat: Sundeer 64
Posts: 9,198
Don't worry if you loose your password that you only used over encrypted SSL links. The NSA decrypts it all so just give them a call and ask for your password

Seriously, it has come up last week that the NSA has backdoors into all the encryption protocols. They basically paid millions to the programmers to convince them to agree to this. All our traffic is unsafe unless program sources are published for peer review. When this happens, like with PGP, it is often declared illegal to use it. Says it all IMHO.
__________________
s/v Jedi is offline   Reply With Quote
Old 12-09-2013, 23:08   #94
Registered User
 
Tomm0's Avatar

Join Date: Jan 2013
Location: Melbourne, australia
Boat: Joubert Koala 24
Posts: 114
Re: Can we dispel this WiFi myth?

The main risk is that you're connecting to someone's wifi pineapple (it's a kind of honey trap) and not to a real router.
If the website you access is using HTTPS you don't really have a problem connecting to the internet via any connection.
- Network Engineer.
__________________
Tomm0 is offline   Reply With Quote
Old 13-09-2013, 03:14   #95
Nearly an old salt
 
goboatingnow's Avatar

Cruisers Forum Supporter

Join Date: Jun 2009
Posts: 13,649
Images: 3
Re: Can we dispel this WiFi myth?

Quote:
"you have no privacy, get over it." Scott McNealy, ex-CEO of Sun Microsystems
Get out the TIN Hats
dave
__________________
Check out my new blog on smart boat technology, networking and gadgets for the connected sailor! - http://smartboats.tumblr.com
goboatingnow is offline   Reply With Quote
Old 13-09-2013, 04:15   #96
Nearly an old salt
 
goboatingnow's Avatar

Cruisers Forum Supporter

Join Date: Jun 2009
Posts: 13,649
Images: 3
Re: Can we dispel this WiFi myth?

actually its worth point out that PGP with 2048 bits keys have not been cracked, nor has GNU Privacy platform. Both of these are open source, so backdoor access isnt possible

Of course endpoint hacking is possible.

dave
__________________
Check out my new blog on smart boat technology, networking and gadgets for the connected sailor! - http://smartboats.tumblr.com
goboatingnow is offline   Reply With Quote
Old 13-09-2013, 05:57   #97
Registered User
 
vtsailguy's Avatar

Join Date: Aug 2010
Posts: 330
What a great thread.


I you sift through the posts of the network guys here, past the technical terms, there IS a basic consensus. I am in this field myself. I once showed a coffee house owner how I could sit with free tools and show all the Facebook images his customers were browsing to get him to put a simple password on his wifi.

So, in a nutshell.

Nothing is 100% secure
It's very easy to be about 99.9% secure
It's very hard to be 99.9999% secure.

The easy way to get that easy, yet robust security is to NEVER combine these three things

1. A wifi network with no password
2. An http connection for important transactions (use https)
3. The same password for banking and other sites

I am surprised no one mentioned #3. One of the most common exploits it to snag your password when you are logging into Facebook or something, and then go use it on your bank because you were too lazy to have a different one.

Personally, I just focus on these three simple steps. I would never use a VPN. If some dude can still crack me he isn't going to be messing around breaking into my bank account in some bar in the BVI. There is no distance on the Internet, he'll be at home hacking something far more fruitful.
__________________
Sailing With Kids Blog
Three mini-pirates scour the Caribbean Seas with stops for ice cream and legos
vtsailguy is offline   Reply With Quote
Old 13-09-2013, 10:58   #98
Registered User
 
svseachange's Avatar

Join Date: Aug 2012
Location: East Coast of Australia
Boat: Custom Steel 43 ft
Posts: 781
Quote:
Originally Posted by vtsailguy View Post
Personally, I just focus on these three simple steps.
Darn good advice.
__________________
svseachange is offline   Reply With Quote
Old 13-09-2013, 13:17   #99
֍֎֍֎֍֎֍֎֍֎

Cruisers Forum Supporter

Join Date: Apr 2006
Posts: 13,056
Re: Can we dispel this WiFi myth?

"I am surprised no one mentioned #3."
See msg #92, that information was in fact hidden in plain sight and further obfusticated by not specifically saying "banking".
__________________

__________________
hellosailor is offline   Reply With Quote
Reply

Tags
paracelle

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off




Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -7. The time now is 22:18.


Google+
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Social Knowledge Networks
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.

ShowCase vBulletin Plugins by Drive Thru Online, Inc.