Using an unsecured WiFi signal

Anybody?

Hang on, Swimpy.....I'm just reading through your emails and bank account details which may take a little time.

And who on earth uses "fluffybunny" as a password anyway?

I'll get back to you as soon as I've transferred some of your money to my holiday account.

Here's an article to help you out...

http://pogue.blogs.nytimes.com/2007/01/04/04pogue-email/


The main thing is to make sure you only use secure websites.

You're a funnyoldgoat, which, coincidentally, is my actual password.

Thanks, parados. If someone can easily see my activities, does that mean they can get my passwords? I never do banking or things like that on a public WiFi, and my email messages are pretty mundane. I just wonder if the iPod is more or less eavesdroppable than a laptop.

Nope. They are both equally terrible when using an unsecured wi-fi network. Really you should avoid those at all cost, if you are going to be typing in any password or sensitive data at all.

Cycloptichorn

So it's the keystrokes they can see not the stored password files?

When browsing, see if your webpages work over a secure http-connection. (Check if the URL begins with "https" rather than "http".

When reading e-mail, check that both your incoming and your outgoing connection use the "secure socket layer" (SSL). On my iPhone, I do this by going to "Settings->Mail, Contacts Calendars->Your Account. Then I click "SMTP" for my outgoing mail and "Advanced" for my incoming mail, and say "use SSL". I can't guarantee that the menus are laid out the same way on your iPod Touch, but I wouldn't expect them to be radically different.

Passwords? Again, it depends on your connection. Check for the "s" in "https" on any page where you enter a password. Any password you enter over a mere "http" connection can be read by intermediates.

Hmm...that's a little tricky on the Touch. For example, this website we're on right now isn't secure as far as I can tell. The URL address bar doesn't show the http part. I need to check my email settings. Thanks, T.

Using secure sites (i.e. with the https, and the little lock symbol) are reasonably safe. The are safe enough even on public wifi. Banks use https. There isn't too much risk to logging onto your bank with your laptop on a public network (I would never use a public laptop to do this, but that is a different issue).

Of course, if you log on to an unsecure site, such as able2know, there are lots of ways for people in the room to get your password. I actually use able2know from public networks because I don't think there is much risk to someone wanting to use my able2know account (they certainly won't make any money). If someone gets my able2know password, no biggie.

Of course this brings up one of the biggest blunders people make on their internet security-- internet passwords.

If your bank password (that is the key to real money) is the same as your able2know password (that is key to messages that aren't worth any money), you are making a real stupid mistake.

For that matter, if you able2know password is the same as your email account password, you are making the same stupid mistake in a little more indirect way. If I have your email account password, I can tell your bank that I am you and the bank will send a password reset message to your email which (since I have your email password) I can receive.

In summary, it is very important that your email password is completely different than you bank password which is completeley different from the passwords you use for anything else (i.e. social media).

Those are some good points, Max. Thanks.

A2K doesn't need to be all that secure anyway, because our communications here aren't terribly secret. When anyone can read your posts on the website, why bother intercepting what you're posting? But when I'm on A2K or similar sites, I never use the same password that I also use for banking, or for any use that needs to be private.

... or in other words, listen to maxdancona.

Thanks, max. I suppose those are good suggestions whether you're on a WiFi link or not. I do have a separate password for this site and another much more safe one for banking. I don't do my banking at WiFi cafes and such.

This queeziness started when I was at an oasis on I-90. There was wireless and I wanted to Google something. There was a guy just sitting with his laptop a table or two away. For some reason I got paranoid and thought, "What if he can see what I'm doing?"

I figured that anonymous web surfing is pretty low risk, but wasn't really sure what these hacking programs can see once they lock into your signal.

They can see everything you send out and get back. Even if you use an https site they can log all the packets you send and then spend the next year breaking the encryption to try to steal passwords or other info. It can be done but in most cases no one would bother.


I won't go into how they can make attacks on your computer itself. Unless you have enabled remote desktop or another remote access program, they won't have too many ways in to steal files.

Yeah. I can think of several other possible attack vectors over an unsecured wi-fi signal as well, not the least of which is spoofing the router and doing a full intercept, in the way Parados described.

I really don't recommend logging into ANYTHING over an unsecured connection.

Cycloptichorn

I have to disagree.

When you use an untrusted network (wireless or wired), you open yourself up to a man-in-the-middle, or relay, attack.

There are free tools to allow the capture of passwords even if you are using HTTPS, because the attacker pretends to be the secure site. You talk to the attacker, the attacker talks to your bank, and just quietly gathers the info for later use.

Is that true for smart phones and other wireless devices? Can they be intercepted in the same way?

For data transmitted over a wi-fi connection, yes - they are just computers, after all.

Cycloptichorn