Cruisers Forum
 


Join CruisersForum Today

Reply
 
Thread Tools Rate Thread Display Modes
Old 03-09-2013, 04:50   #1
Registered User
 
svseachange's Avatar

Join Date: Aug 2012
Location: East Coast of Australia
Boat: Custom Steel 43 ft
Posts: 781
Can we dispel this WiFi myth?

"If I use a non-secure WiFi network my (Bank/Email/Blog) password will be stolen!".
I hear this refrain over and over again from fellow cruisers.

Using a non-secure WiFi network is no less than using any other connection to the Internet.

WiFi security is intended to protect the owner of the network from unauthorized use. The benefit to the end user is a more reliable connection (because there are fewer unauthorized users).

A non-secure WiFi network may even be more secure than other connections because your device is usually hidden behind the marina's router (ie: when connected to a WiFi network it is less likely you will be assigned a public IP address).

The best way to ensure your web browser usage is secure is to ensure the site you are using has an Internet address starting with "https". This ensures all communications between your web browser and the server will be encrypted using SSL.

__________________

__________________
svseachange is offline   Reply With Quote
Old 03-09-2013, 05:35   #2
Registered User
 
capt-couillon's Avatar

Join Date: Mar 2013
Location: Onboard (Boot Key Harbor)
Boat: Cornado 25
Posts: 494
Re: Can we dispel this WiFi myth?

Quote:
Originally Posted by shanedennis View Post

Using a non-secure WiFi network is no less than using any other connection to the Internet.
Ahh.... Not so grashopper.


By its very nature a non-secure (ie: non encrypted) wifi network is open to abuse. How likely is that to happen at your local marina? Probably less than at the local coffee shop hotspot, and certainly less than at a major airport. In general many folks have fallen victim to the "Security" hype and FUD (fear, uncertainity and doubt) generated by individuals interested in marketing a "cure".

But, the fact is while I feel the risk of using a public access point is well within my comfort zone, one should understand the risk does exist. Another fact is that if I want your Blog or Email passwords their are other and probably easier methods to obtain them than setting up a packet sniffer or a man in the middle machine at the local marina.

Having said all that, I do have to agree with the general theme of the OP.
If you are really worried, quit handing your gold card to the waitress.

"Submitted via Non-secure WiFi Network"
__________________

__________________
"It seemed like a good idea at the time"
capt-couillon is offline   Reply With Quote
Old 03-09-2013, 05:40   #3
Registered User

Join Date: May 2006
Posts: 461
Re: Can we dispel this WiFi myth?

Does anyone have a first hand example of their bank details being stolen over an unsecured wifi connection and then funds being withdrawn from their account????

I've never heard of one, except someones mothers/sisters friend etc
__________________
Fuss is offline   Reply With Quote
Old 03-09-2013, 05:56   #4
Wayfaring Mariner
 
captain58sailin's Avatar

Cruisers Forum Supporter

Join Date: Mar 2009
Location: Homer, AK is my home port
Boat: Skookum 53'
Posts: 4,045
Images: 5
Re: Can we dispel this WiFi myth?

Does using a VPN keep you anymore secure on a unsecured public Wi Fi network?
__________________
" Wisdom; is your reward for surviving your mistakes"
captain58sailin is offline   Reply With Quote
Old 03-09-2013, 05:59   #5
Registered User

Join Date: Nov 2011
Location: The Netherlands
Boat: Baltic 38DP
Posts: 333
Re: Can we dispel this WiFi myth?

Quote:
Originally Posted by Fuss View Post
Does anyone have a first hand example of their bank details being stolen over an unsecured wifi connection and then funds being withdrawn from their account????

I've never heard of one, except someones mothers/sisters friend etc
This is quite funny, I think. So someone here that you've never met nor may never meet posts something here that might or might not be true, and this would give you more confidence that you're experiencing a first-hand account?

W.r.t. unsecure WIFI connections - they are just that. Unsecure. Doesn't mean anyone will take advantage of them, but doesn't mean it is a myth either.


Onno
__________________
JazzyO is offline   Reply With Quote
Old 03-09-2013, 06:04   #6
Registered User
 
Group9's Avatar

Join Date: Sep 2010
Posts: 1,599
Images: 7
Re: Can we dispel this WiFi myth?

Quote:
Originally Posted by capt-couillon View Post

Having said all that, I do have to agree with the general theme of the OP.
If you are really worried, quit handing your gold card to the waitress.

"Submitted via Non-secure WiFi Network"
Number one way, bit a huge margin, that your information gets compromised. It's a major industry in Miami for instance. Scammers pay waiters a hundred bucks a night to skim every card into a data collector.
__________________
Cruising again!
Group9 is offline   Reply With Quote
Old 03-09-2013, 06:08   #7
Registered User

Join Date: May 2006
Posts: 461
Re: Can we dispel this WiFi myth?

Quote:
Originally Posted by JazzyO View Post
This is quite funny, I think. So someone here that you've never met nor may never meet posts something here that might or might not be true, and this would give you more confidence that you're experiencing a first-hand account?

W.r.t. unsecure WIFI connections - they are just that. Unsecure. Doesn't mean anyone will take advantage of them, but doesn't mean it is a myth either.


Onno
I think its a myth.
I would be surprised if we have a first hand wifi bank account theft posted here.
__________________
Fuss is offline   Reply With Quote
Old 03-09-2013, 06:24   #8
Registered User
 
Mike OReilly's Avatar

Join Date: Sep 2011
Location: Good question
Boat: Rafiki 37
Posts: 4,023
Re: Can we dispel this WiFi myth?

Quote:
Originally Posted by capt-couillon View Post
By its very nature a non-secure (ie: non encrypted) wifi network is open to abuse. How likely is that to happen at your local marina? Probably less than at the local coffee shop hotspot, and certainly less than at a major airport. In general many folks have fallen victim to the "Security" hype and FUD (fear, uncertainity and doubt) generated by individuals interested in marketing a "cure".
Capt., can you explain a bit more how a non-secure wifi connection can be abused? I assume the nefarious character must intercept the data before it hits the secure server, say at your bank. The data transactions on the bank servers are pretty secure, so the risk is computer to router, correct? How would it be intercepted?

BTW, I'm not looking for a detailed how-to. I don't want to, and don't want anyone else to do it either. But I'm curious about what technology, what set up, would be required. This would help me assess the risk of using my own computer to connect via a public access wifi to my bank.
__________________
Why go fast, when you can go slow.
BLOG: www.helplink.com/CLAFC
Mike OReilly is offline   Reply With Quote
Old 03-09-2013, 06:27   #9
Marine Service Provider
 
AnchorageGuy's Avatar

Join Date: Mar 2003
Location: Wherever the boat is!
Boat: Marine Trader 34DC
Posts: 4,618
Re: Can we dispel this WiFi myth?

Here's a little something I put together on just that subject, The Trawler Beach House: Open WiFi On The Boat And Firesheep And Other Man-made Disasters . Chuck
__________________
Chesapeake Bay, ICW Hampton Roads To Key West, The Gulf Coast, The Bahamas

The Trawler Beach House
Voyages Of Sea Trek
AnchorageGuy is offline   Reply With Quote
Old 03-09-2013, 06:34   #10
Registered User
 
capt-couillon's Avatar

Join Date: Mar 2013
Location: Onboard (Boot Key Harbor)
Boat: Cornado 25
Posts: 494
Re: Can we dispel this WiFi myth?

Quote:
Capt., can you explain a bit more how a non-secure wifi connection can be abused?
Give me a few to poke up a couple of diagrams.. Picture is worth a thousand words.
__________________
"It seemed like a good idea at the time"
capt-couillon is offline   Reply With Quote
Old 03-09-2013, 06:50   #11
Freelance Delivery Skipper..
 
boatman61's Avatar

Community Sponsor
Cruisers Forum Supporter

Join Date: Jan 2010
Location: UK/Portugal
Posts: 20,194
Images: 2
Send a message via Skype™ to boatman61
pirate Re: Can we dispel this WiFi myth?

There are programs on the market that can access your laptop however getting my Bank passwords is impossible... my Bank supplies a card with different combinations so although my user name can be obtained.. no way can they get into the Banks site as each time a new password is requested...
IE; column D row A + column E row B for example.. 3 numbers/letters from each selection...
__________________


Born To Be Wild
boatman61 is online now   Reply With Quote
Old 03-09-2013, 06:51   #12
Registered User
 
bbowers2004's Avatar

Join Date: May 2013
Location: Bahmamas
Boat: Westerly Centaur 26'
Posts: 298
Send a message via AIM to bbowers2004 Send a message via MSN to bbowers2004 Send a message via Yahoo to bbowers2004 Send a message via Skype™ to bbowers2004
Re: Can we dispel this WiFi myth?

When I was in the Middle East, we had queit a few people come up with missing money. Usually charged to things such as "Walmart" using a non-secure line. There are different type of "phising" schemes out there that could be used as a potential buffer inbetween your connection and the internet. Usually you are safe if using a known non-secure, say its a boat marina, etc... rather then a network just listed as "dlink" that seems like a good jump off point. The reason being, this could be a potential theif setting you up to use his "proxy" that he will read every message sent through, which is much less likely on a marina switch.

As far as them "stealing" all your money. It is figured in todays market that people who steal, don't want to be on the run or get caught; so when you are off shopping on the internet and running your card once, twice, three times.... What is the forth charge for4 dollars at the slip for? That he went phishing right under your nose. They say this is the more common theft method prefered today, because you can get away with it, and hardly anyone bats an eye at the little missing pennies.

Keep a keen watch on your statements, and be sure to always use a secure browser. More times then not if you use paypal, and other accredited sites, with an added bonus of a Secure Credit Card Insurance, you will be covered on any identity theft issues.


We switched to a secure line and no longer had any issues. Although I have never had issues myself.
__________________
"My goal in sailing isn't to be brilliant or flashy in individual races, just to be consistent over the long run." - Dennis Conner
Follow our Globe Circumnavigation:
http://jillionsvoyage.blogspot.de/
bbowers2004 is offline   Reply With Quote
Old 03-09-2013, 07:19   #13
Nearly an old salt
 
goboatingnow's Avatar

Cruisers Forum Supporter

Join Date: Jun 2009
Posts: 13,649
Images: 3
Quote:
Originally Posted by shanedennis View Post
"If I use a non-secure WiFi network my (Bank/Email/Blog) .......

Using a non-secure WiFi network is no less than using any other connection to the Internet.

WiFi security is intended to protect the owner of the network from unauthorized use. The benefit to the end user is a more reliable connection (because there are fewer unauthorized users).

A non-secure WiFi network may even be more secure than other connections because your device is usually hidden behind the marina's router (ie: when connected to a WiFi network it is less likely you will be assigned a public IP address)
Several inaccuracies here.

First what you call secure wifi are wifi that implement encryption, wep , wpa etc result In encrypted wireless traffic. Hence such traffic is actually more secure then cabled networks.

It's not an access control system per say as there is no way to control individual users.

The assignment of public IPs has nothing to do with wifi encryption. In almost all cases due to the scarcity of public ipV4 address space., you will be behind a NAT ( network address translation) and hence be handled out a private non routable IP address ( like 192.168.x.x )

Dave
__________________
Check out my new blog on smart boat technology, networking and gadgets for the connected sailor! - http://smartboats.tumblr.com
goboatingnow is offline   Reply With Quote
Old 03-09-2013, 07:25   #14
Registered User
 
svseachange's Avatar

Join Date: Aug 2012
Location: East Coast of Australia
Boat: Custom Steel 43 ft
Posts: 781
Re: Can we dispel this WiFi myth?

As long as you use https (SSL) for your transactions you are safe. It is practically impossible for anybody intercept modern SSL transactions. Not impossible, but practically impossible.

Hardening your machine (ie: firewall, antivrus) to prevent compromise is something you should do on any network. WiFi. Cell. Internet cafe. I would argue using an Internet Cafe computer is the least safe option. You are always best off using your own, hardened machine.

The whole Internet, is in effect, one big open, non-secure WiFi network. That is the beauty of it, of course.
__________________
svseachange is offline   Reply With Quote
Old 03-09-2013, 07:30   #15
Registered User
 
capt-couillon's Avatar

Join Date: Mar 2013
Location: Onboard (Boot Key Harbor)
Boat: Cornado 25
Posts: 494
Re: Can we dispel this WiFi myth?

Sorry Gfx taking too long to play with.. will try explanation instead

Unsecured wifi network = No encryption between user and wifi router.
If I have a good wifi NIC and packet-sniffer software I can obtain any plain text traffic between your machine and the internet. Notice "plain text".
Banks, Merchants, etc that use https (http-secure) insert an SSL encryption layer into the http protocol so that while I may be able to eavesdrop I cannot decrypt packets.

Secured wifi network = trafic between user and wifi router encrypted. Mileage may vary depending on encryption scheme. NOT encrypted beyond wifi router. With good wifi NIC and some software I may or may not be able to join the network and eavesdrop depending on Encryption scheme.

VPN = virtual private network. Protocol to set up Secure WAN over internet. Not really germaine to this discussion unless you are maybe telecommuting. As secure as whover set it up makes it. Independent of wifi encryption.

Basicly the biggest vulnerability of wifi is the fact that I can access it without physical connection. Although I could just as easily tap into your dsl connection via the phone pylon on the corner of the street so nothing is really secure.

As to banking online, the systems are extremely secure, and banks themselves transfer billions a day via the net with no problems.
__________________

__________________
"It seemed like a good idea at the time"
capt-couillon is offline   Reply With Quote
Reply

Tags
paracelle

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off




Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -7. The time now is 09:09.


Google+
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Social Knowledge Networks
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.

ShowCase vBulletin Plugins by Drive Thru Online, Inc.