Can we dispel this WiFi myth?

[svseachange]

"If I use a non-secure WiFi network my (Bank/Email/Blog) password will be stolen!".
I hear this refrain over and over again from fellow cruisers.

Using a non-secure WiFi network is no less than using any other connection to the Internet.

WiFi security is intended to protect the owner of the network from unauthorized use. The benefit to the end user is a more reliable connection (because there are fewer unauthorized users).

A non-secure WiFi network may even be more secure than other connections because your device is usually hidden behind the marina's router (ie: when connected to a WiFi network it is less likely you will be assigned a public IP address).

The best way to ensure your web browser usage is secure is to ensure the site you are using has an Internet address starting with "https". This ensures all communications between your web browser and the server will be encrypted using SSL.

[capt-couillon]

Quote:

Originally Posted by shanedennis

Using a non-secure WiFi network is no less than using any other connection to the Internet.

Ahh.... Not so grashopper.


By its very nature a non-secure (ie: non encrypted) wifi network is open to abuse. How likely is that to happen at your local marina? Probably less than at the local coffee shop hotspot, and certainly less than at a major airport. In general many folks have fallen victim to the "Security" hype and FUD (fear, uncertainity and doubt) generated by individuals interested in marketing a "cure".

But, the fact is while I feel the risk of using a public access point is well within my comfort zone, one should understand the risk does exist. Another fact is that if I want your Blog or Email passwords their are other and probably easier methods to obtain them than setting up a packet sniffer or a man in the middle machine at the local marina.

Having said all that, I do have to agree with the general theme of the OP.
If you are really worried, quit handing your gold card to the waitress.

"Submitted via Non-secure WiFi Network"

[Fuss]

Does anyone have a first hand example of their bank details being stolen over an unsecured wifi connection and then funds being withdrawn from their account????

I've never heard of one, except someones mothers/sisters friend etc

[captain58sailin]

Does using a VPN keep you anymore secure on a unsecured public Wi Fi network?

[JazzyO]

Quote:

Originally Posted by Fuss

Does anyone have a first hand example of their bank details being stolen over an unsecured wifi connection and then funds being withdrawn from their account????

I've never heard of one, except someones mothers/sisters friend etc

This is quite funny, I think. So someone here that you've never met nor may never meet posts something here that might or might not be true, and this would give you more confidence that you're experiencing a first-hand account?

W.r.t. unsecure WIFI connections - they are just that. Unsecure. Doesn't mean anyone will take advantage of them, but doesn't mean it is a myth either.


Onno

[Group9]

Quote:

Originally Posted by capt-couillon

Having said all that, I do have to agree with the general theme of the OP.
If you are really worried, quit handing your gold card to the waitress.

"Submitted via Non-secure WiFi Network"

Number one way, bit a huge margin, that your information gets compromised. It's a major industry in Miami for instance. Scammers pay waiters a hundred bucks a night to skim every card into a data collector.

[Fuss]

Quote:

Originally Posted by JazzyO

This is quite funny, I think. So someone here that you've never met nor may never meet posts something here that might or might not be true, and this would give you more confidence that you're experiencing a first-hand account?

W.r.t. unsecure WIFI connections - they are just that. Unsecure. Doesn't mean anyone will take advantage of them, but doesn't mean it is a myth either.


Onno

I think its a myth.
I would be surprised if we have a first hand wifi bank account theft posted here.

[Mike OReilly]

Quote:

Originally Posted by capt-couillon

By its very nature a non-secure (ie: non encrypted) wifi network is open to abuse. How likely is that to happen at your local marina? Probably less than at the local coffee shop hotspot, and certainly less than at a major airport. In general many folks have fallen victim to the "Security" hype and FUD (fear, uncertainity and doubt) generated by individuals interested in marketing a "cure".

Capt., can you explain a bit more how a non-secure wifi connection can be abused? I assume the nefarious character must intercept the data before it hits the secure server, say at your bank. The data transactions on the bank servers are pretty secure, so the risk is computer to router, correct? How would it be intercepted?

BTW, I'm not looking for a detailed how-to. I don't want to, and don't want anyone else to do it either. But I'm curious about what technology, what set up, would be required. This would help me assess the risk of using my own computer to connect via a public access wifi to my bank.

[AnchorageGuy]

Here's a little something I put together on just that subject, The Trawler Beach House: Open WiFi On The Boat And Firesheep And Other Man-made Disasters . Chuck

[capt-couillon]

Quote:

Capt., can you explain a bit more how a non-secure wifi connection can be abused?

Give me a few to poke up a couple of diagrams.. Picture is worth a thousand words.

[boatman61]

There are programs on the market that can access your laptop however getting my Bank passwords is impossible... my Bank supplies a card with different combinations so although my user name can be obtained.. no way can they get into the Banks site as each time a new password is requested...
IE; column D row A + column E row B for example.. 3 numbers/letters from each selection...

[bbowers2004]

When I was in the Middle East, we had queit a few people come up with missing money. Usually charged to things such as "Walmart" using a non-secure line. There are different type of "phising" schemes out there that could be used as a potential buffer inbetween your connection and the internet. Usually you are safe if using a known non-secure, say its a boat marina, etc... rather then a network just listed as "dlink" that seems like a good jump off point. The reason being, this could be a potential theif setting you up to use his "proxy" that he will read every message sent through, which is much less likely on a marina switch.

As far as them "stealing" all your money. It is figured in todays market that people who steal, don't want to be on the run or get caught; so when you are off shopping on the internet and running your card once, twice, three times.... What is the forth charge for4 dollars at the slip for? That he went phishing right under your nose. They say this is the more common theft method prefered today, because you can get away with it, and hardly anyone bats an eye at the little missing pennies.

Keep a keen watch on your statements, and be sure to always use a secure browser. More times then not if you use paypal, and other accredited sites, with an added bonus of a Secure Credit Card Insurance, you will be covered on any identity theft issues.


We switched to a secure line and no longer had any issues. Although I have never had issues myself.

[goboatingnow]

Quote:

Originally Posted by shanedennis

"If I use a non-secure WiFi network my (Bank/Email/Blog) .......

Using a non-secure WiFi network is no less than using any other connection to the Internet.

WiFi security is intended to protect the owner of the network from unauthorized use. The benefit to the end user is a more reliable connection (because there are fewer unauthorized users).

A non-secure WiFi network may even be more secure than other connections because your device is usually hidden behind the marina's router (ie: when connected to a WiFi network it is less likely you will be assigned a public IP address)

Several inaccuracies here.

First what you call secure wifi are wifi that implement encryption, wep , wpa etc result In encrypted wireless traffic. Hence such traffic is actually more secure then cabled networks.

It's not an access control system per say as there is no way to control individual users.

The assignment of public IPs has nothing to do with wifi encryption. In almost all cases due to the scarcity of public ipV4 address space., you will be behind a NAT ( network address translation) and hence be handled out a private non routable IP address ( like 192.168.x.x )

Dave

[svseachange]

As long as you use https (SSL) for your transactions you are safe. It is practically impossible for anybody intercept modern SSL transactions. Not impossible, but practically impossible.

Hardening your machine (ie: firewall, antivrus) to prevent compromise is something you should do on any network. WiFi. Cell. Internet cafe. I would argue using an Internet Cafe computer is the least safe option. You are always best off using your own, hardened machine.

The whole Internet, is in effect, one big open, non-secure WiFi network. That is the beauty of it, of course.

[capt-couillon]

Sorry Gfx taking too long to play with.. will try explanation instead

Unsecured wifi network = No encryption between user and wifi router.
If I have a good wifi NIC and packet-sniffer software I can obtain any plain text traffic between your machine and the internet. Notice "plain text".
Banks, Merchants, etc that use https (http-secure) insert an SSL encryption layer into the http protocol so that while I may be able to eavesdrop I cannot decrypt packets.

Secured wifi network = trafic between user and wifi router encrypted. Mileage may vary depending on encryption scheme. NOT encrypted beyond wifi router. With good wifi NIC and some software I may or may not be able to join the network and eavesdrop depending on Encryption scheme.

VPN = virtual private network. Protocol to set up Secure WAN over internet. Not really germaine to this discussion unless you are maybe telecommuting. As secure as whover set it up makes it. Independent of wifi encryption.

Basicly the biggest vulnerability of wifi is the fact that I can access it without physical connection. Although I could just as easily tap into your dsl connection via the phone pylon on the corner of the street so nothing is really secure.

As to banking online, the systems are extremely secure, and banks themselves transfer billions a day via the net with no problems.