Can we dispel this WiFi myth?

[Sea Frog]

I think properly exectuted banking system can be accessed from even the most compromized and sniffed network, without worries. OK, they get my session password, what next? It is one time only. To transfer funds I need to verify by entering code from SMS, or use more one time passwords. The sensitive info expires before it can be used by bad guys (if the banking system is properly built, of course). I think that sniffing of your mail login/password pair is more dangerous because it can be used to access specific info that can be used to social engineer you and YOU will willingly transfer them the money

[jongleur]

o_q:

Thanks for that, but upon googling VPN
I'm now more confused than ever. After
spending time looking at just one VPN
provider site (AT&T), the choices are
mindboggling. And there's no reference
to cost. Would it be $1/month? or $1000/
month? Does one need new hardware?

My guess is that the posters on this
thread that are using the acronyms
already understand what they need
to do. Those of us who don't, well,
we're the ones who are screwed.

[Liltttzr]

Quote:

Originally Posted by o_q

What this sounds like to me is that he knows at least how to sniff packets, and he reads websites like metasploit. However, this is besides the point, and means nothing if the bottom line is that your VPN traffic is encrypted. Going on about the possibilities of what hackers can do, comes off as someone whose intention is to scare you. Did he specifically say that VPNs aren't secure? Or did he just show you that he caught a packet while you were using VPN, and you assumed it wasn't safe?

o-q "metasploit"??? lost me on that one. Maybe he is just trying to scare me. Could not answer that one "little one would probally love getting one over on dad. But about the VPN, I have to use Cisco anyconnect to VPN into the corp from remote sites and thought our net work was secure. So he had me log in and was able to show me exactly what I sent into HQ. Like I said, I do not know. I was just giving answer to the OP because my son showed me this and it was in person. You seem to have much more of a working knowlage of these things than I. I do wish I had more workings with the software and hardware end of these things. But maybe after retirement. No use for WIFI under ground in the dirt. Only when I come out do I have to do expences and reports with e-mail..

[captain58sailin]

I signed up with "Strong VPN" the cost was 55 USD per annum. The one I had before was 195 so the price is coming down. Considering what is at stake, it seems a small price to pay.

[nimblemotors]

You don't need a VPN (Virtual Private Network) for secure banking.
All banks have only secured, encrypted HTTPS web access.
The data from your computer to the bank computer is encrypted before it leaves your computer, so the wireless system is not relevant.

What someone can find out by sniffing the wireless data (which is trivial to do),
is seeing what websites you are visiting, including which bank you use.
So it is more a privacy issue than a security issue.

[pbiJim]

When I lived in Phoenix, the 16 year old kid next door broke the 128-bit WEP encryption on my WiFi & leached off of my connection for a few months. I never had any bank info on my computer there, so there was really not much for anyone to steal. The worst thing that he could have gotten was the passwords to my e-mail accounts.

I stopped doing internet banking after my account number & password got stolen when I used a computer in a hotel that I was staying at.

WiFi is not secure. Google has admitted publicly that they have "accidentally" collected a great many passwords in their roaming data collection vans. They've been fined for it too. This is just one example. Google hit by $7M fine for wifi snooping Street View cars that intercepted emails | Mail Online

[az_r2d1]

WEP encryption was broken years ago and is extremely easy to get into.
WPA has also been broken and almost as easy to get into.
It's just an extra layer. As long as the connection is encrypted with ssl/https you are pretty safe. (never 100%, https is under fire for being insecure now too)
Using a strange computer you do not know is risky. They likely got your information because they had a keylogger running.
Wifi is much more secure.

[goboatingnow]

Quote:

When I lived in Phoenix, the 16 year old kid next door broke the 128-bit WEP encryption on my WiFi & leached off of my connection for a few months. I never had any bank info on my computer there, so there was really not much for anyone to steal. The worst thing that he could have gotten was the passwords to my e-mail accounts.

I stopped doing internet banking after my account number & password got stolen when I used a computer in a hotel that I was staying at.

WiFi is not secure. Google has admitted publicly that they have "accidentally" collected a great many passwords in their roaming data collection vans. They've been fined for it too. This is just one example. Google hit by $7M fine for wifi snooping Street View cars that intercepted emails | Mail Online

128 bit WEP has been broken for years , none with any sense is using it.

remember secure Wifi is just encrypted wifi. any one with the key can decrypt it . its not "secure" many such encryptions can be hacked, but some take a lot of horsepower and persistence

Google only collected data from open wifi networkd, not those "secured"

in my view HTTPS ( i.e. TLS) is as secure as a VPN, using a VPN and HTTPS is in effect merely duplicating things. most VPNS use SSL ( TLS) in essence HTTPS is a VPN.

dave

[svseachange]

Quote:

Originally Posted by goboatingnow

my view HTTPS ( i.e. TLS) is as secure as a VPN, using a VPN and HTTPS is in effect merely duplicating things. most VPNS use SSL ( TLS) in essence HTTPS is a VPN.

Exactly. Most VPNs rely on SSL for encryption. For this reason there is no practical difference in security in security between a browsers SSL connection and a VPN connection.

I use VPNs for work to connect to a private networks. This just makes it easier to securelt work on remote networks and has little practical application for most cruisers.

Rebel Heart brings up an interesting point about some geographical areas being blocked. A VPN is one way of getting around this. Another way would be to get a cheap demand EC2 instance from Amazon for these occasional transactions.

For regular stuff, you are safe as houses making sure you are using HTTPS (SSL) connections.

Open WiFi is fine. Just make sure you only pass sensitive data over https (and never over http). Use your own laptop and never, ever enter anything sensitive on public computers in marinas or Internet cafes

[KneesintheBreez]

What i do is use only one account for purchases -- one card. I keep a low balance in it to assuage just such fears. That way, my potential loss is limited to a certain "low" amount. Then, I monitor the activity in the account for anything "suspicious,"and (usually) finding nothing, I replenish the "active account" as necessary, over the phone (landline). My other, "real money-containing," accounts specifically have no cards or checks assigned, so nothing to steal. And, you are protected from credit card fraudulent activity for 30 days (review your statements! Not so with ATM/Debit charges, and if they get those numbers, you are liable for ALL fraudulent activity! AND, ALWAYS carry a gun. Sure, get a permit. Make them think twice!

[pbiJim]

Quote:

Originally Posted by goboatingnow

128 bit WEP has been broken for years , none with any sense is using it.

I used WEP when I lived in Phoenix. At the time, it was the current technology.

According to my local news reports, the Google vans are able to break higher end encryption as well these days.

I don't study cracking. I'm not up to date on all the details.

[goboatingnow]

Quote:

ed WEP when I lived in Phoenix. At the time, it was the current technology.

According to my local news reports, the Google vans are able to break higher end encryption as well these days.

I have friends who drive the Google cars. They only picked up open wifi networks. Mind you despite Google saying it was "accidental", the cars are fitted with servers with terabytes of storage. !!!!.

And this is a company scanning gmail usage.

Google "do no good" if you ask me.

dave

[pbiJim]

Quote:

Originally Posted by goboatingnow

Google "do no good" if you ask me.

dave

I concur.

But that aside, If Google is able to collect so much data from WiFi systems, then it is only logical to assume that others can do it as well.

[goboatingnow]

Quote:

Originally Posted by pbiJim

I concur.

But that aside, If Google is able to collect so much data from WiFi systems, then it is only logical to assume that others can do it as well.

google was exposed in Germany , under very strict data privacy laws doing "war driving". and yes anyone can do it. Ive done it myself. if you run an open network , it is by definition "open"

dave

[colemj]

Quote:

Originally Posted by goboatingnow

Mind you despite Google saying it was "accidental", the cars are fitted with servers with terabytes of storage. !!!!.

Our TV has 2TB of storage and I am currently carrying 4TB of storage in my pants pocket (no, I am not happy to see you - I just happened to put two drives in my pocket to take them to my computer bag), so it doesn't seem unusual to me for a google car to have this amount given that they are taking high res pictures.

Mark