Sunday, April 22, 2007

 

Beware public wi-fi

Are you reading this from a coffee shop? Or perhaps the parking lot of the Wharfinger? Someone might be reading over your digital shoulder.

The LA Times demonstrates how easy it is to tap into other people’s internet activity in a public wifi “hotspot.”

No one in the evening crowd at a Starbucks in Pasadena knew Humphrey Cheung.

But Cheung, quietly sipping hot chocolate and working on his laptop, knew things about them.

Several tables away was a guy sitting alone with his own laptop. "He's starting a business," Cheung said. And the young couple in the far corner? "They're getting married," he confided.

Cheung isn't psychic. He had hacked into the coffee shop's wireless Internet connection on his Toshiba laptop. It took him all of about five minutes to do so, using free software available online.

So if you’re secretly running an anonymous blog don’t do it from Has Beans.


permalink I posted by Heraldo Riviera @ 6:57 PM
Comments:
I still wonder just how much a firewall helps secure your computer when you're using wireless?

I'm sure you can still be hacked, but it must help some.
# posted by Blogger Fred : 4/22/2007 08:07:00 PM
 
You'd be crazy to use public wifi without a firewall. The LA Times article says your email can't be hacked if it starts with "https" rather than "http."
# posted by Blogger Heraldo Riviera : 4/22/2007 08:19:00 PM
 
In other words, a firewall is unlikely to protect you in the coffee shop scenario. Especially as far as general web surfing goes.
# posted by Blogger Heraldo Riviera : 4/22/2007 08:22:00 PM
 
Has Beans SUCKS. Go anywhere but Has Beans.
# posted by Anonymous Anonymous : 4/22/2007 08:46:00 PM
 
Firewalls are for preventing intrusion into your laptop. When you do e-mail or web over WiFi you are sending data into the air by radio wave from your laptop to the wireless router. Once your data is in the air, anyone can sniff it, not just the router.

If a web page begins with "https" it means the data is encrypted. That doesn't mean foolproof protection, just more difficult to access.

Anything else, especially regular e-mail transfers, are totally open and accessible to anyone with a minimum amount of savvy and the inclination to go looking.

I'll never use a WiFi network that doesn't require a login. Check out HSU. You can't use most of their WiFi without a campus account. They make you login to use the web, any web site, not just campus web sites.
# posted by Anonymous Anonymous : 4/22/2007 09:52:00 PM
 
Does the average user need that much security? If I'm using my laptop to browse or blog or email friends or Skype at a coffee shop using their wireless, do I really need to care that much? If someone is trying to hack me, so what...most of my correspondence is not very interesting to people I don't know.

If I want to send some confidential info, or make a secure transaction, I use my home desktop system over my hard-wired DSL line.

I try not to say anything in an email -- even email I send from my desktop -- that I don't want public. I don't always succeed, but I try to always assume my email account has been hacked. At least I made that assumption when I worked on a local campaign last fall.
# posted by Anonymous Andrew Bird : 4/22/2007 10:56:00 PM
 
I try to always assume my email account has been hacked.

That's a wise assumption in today's climate.
# posted by Blogger Heraldo Riviera : 4/22/2007 11:12:00 PM
 
I have said it once, and I will say it again. Use a public wi-fi network that does not require a login, and I will have total access not just to your e-mail, but every file on your computer. Unless that file is encrypted I will be able to read it. As anon 9:52 said, firewalls are for preventing intrusion into your laptop, but I will bet anything that unless you know exactly to set it up I could get through it like a knife through soft butter.
# posted by Blogger Hayduke : 4/22/2007 11:14:00 PM
 
So I should stop calling up porn in coffee houses? Damn!
# posted by Blogger Eric V. Kirk : 4/22/2007 11:29:00 PM
 
Yer busted Eric, you pervert.
# posted by Anonymous Anonymous : 4/22/2007 11:40:00 PM
 
Actually if I wanted to look at porn I would probably rather look at my picks as opposed to yours, but it is true if you are looking at in the coffee shop someone will know, and they won't have to look at your screen either. But what I would really be concerned about is your personal files and possibly personal data. The biggest danger is all your passwords are on the machine, and if you know where to look (and I do for example), I can copy them. And unless you use very robust passwords, they can easily be cracked. With that someone can engage in all kinds of mischief including possibly hacking into your bank account, ordering goods in your name, and even blogging as you (gasp!).
# posted by Blogger Hayduke : 4/22/2007 11:44:00 PM
 
Yer busted too, Hayduke! Fork over the cash and I'll keep quiet about... you know.
# posted by Anonymous Anonymous : 4/22/2007 11:52:00 PM
 
So if you’re secretly running an anonymous blog don’t do it from Has Beans.

Maybe that's actually how Buhner was busted.

Damn. I'm one step ahead of 'em. Packing for Tijuana tonight, and taking my pervert lawyers, guns and money with me.
# posted by Anonymous Anonyblogger : 4/23/2007 12:00:00 AM
 
Andrew, do you care if I have your phone tapped and listen to your conversations? It's the same thing online, except average people can actually monitor everything you do from WiFi. If you're fine with being an exhibitionist, OK.
# posted by Anonymous Anonymous : 4/23/2007 12:13:00 AM
 
We all know that it isn't just a matter of keeping our porn preferences private, don't we? I mean, do we all know what a royal pain it is to have one's identity stolen? Not just money, but time and aggravation. When people say they think I'm wired, these days, I smile proudly and say, "You bet I am!"
# posted by Anonymous Anonymous : 4/23/2007 12:51:00 AM
 
12:13...

I don't like the idea of being hacked while using public WiFi, but I accept there is little I can do about the possibility that is happening.

I didn't fully realize until reading some of the comments here that a hacker monitoring me at a cafe in Eureka could easily find my passwords. I keep most sensitive information on my desktop. Aside from usernames and passwords, there is very little on my laptop.

Thanks for the education, hayduke. Great topic, Heraldo.
# posted by Anonymous Andrew Bird : 4/23/2007 06:34:00 AM
 
Yep, login to any web site that isn't encrypted (most are not encrypted) and you are sharing your username and password with the world.
# posted by Anonymous Anonymous : 4/23/2007 09:11:00 AM
 
I figured there was always the possibility of hackers with or without wi-fi.
# posted by Blogger Carol : 4/23/2007 10:18:00 AM
 
This subject is too complicated to fully explain over a blog thread, but I simply wanted to raise people's awareness of the potential exposure to having personal information "stolen" in this wired age. Firewalls are good, and the most effective ones tend to reside in the Router ... for you non-technical types that is the device you have between you and the wide area network (DSL, Cablemodem) and even the Router itself is a bit of a firewall. So on a desktop at home you are usually better protected. On a notebook computer sitting in a coffee shop, you are all on the same side of the router, and basically interconnected with all the others in the same location. So the person at the next table that appears to be looking at the stock market may instead be rooting around inside of your machine without your knowledge.
# posted by Blogger Hayduke : 4/23/2007 11:43:00 AM
 
Wow. It sure pays to have a little basic knowledge about this internet stuff.
# posted by Anonymous Anonymous : 4/23/2007 12:42:00 PM
 
What about hotel wi-fi use? Easy to hack? Most have you sign in - protection?
# posted by Anonymous ED Denson : 4/23/2007 05:24:00 PM
 
From what I understand (not much) the sign-in offers some measure of greater protection. Maybe you have to register through the hotel.

Otherwise, someone with software downloaded free from the internet can sit in their car outside the hotel and monitor your business.
# posted by Blogger Heraldo Riviera : 4/23/2007 05:31:00 PM
 
ED Denson said...
What about hotel wi-fi use? Easy to hack? Most have you sign in - protection?

Places where we have lodged and have wi-fi have required a loggin and password that they give you. Does that protect you? Sometimes my laptop picks up many signals.
# posted by Blogger Carol : 4/23/2007 06:44:00 PM
 
I was afraid this was going to get complicated. I would have to know more about the particular hotel and the id/password they gave you, but they are quite possibly at a minimum giving you what is called Wi-FI Protected Access (WPA). This prevents unauthorized access so someone sitting in a car outside your window cannot gain access to the network and it also encrypts the data. This OK for casual data, and much better than nothing, but this can be "hacked" and the key discovered, and then that person can gain network access. But you have to see a lot of data to do this so for for hotels it is usually good enough.

But if they are doing their job really well, the password would actually be a Wired Equivlent Privacy (WEP) key, which also encrypts the data being transferred around the local WI-Fi network (hotel). This is very powerful security, and pretty much not crackable. It is what I use on my local wireless network. I am not aware of any hotels using this form of security, but they could if they wanted to do so.

It is quite common for a a laptop to pick up all sorts of wireless networks, and many of them are not secured. Commerical establishments like warehouses are particulary bad about security, so all you have to od is drive up on the street next to the building, and you can access the Internet, send and receive mail, and if you were of a mind to do so check their inventory.

Hope some of this helps. Sorry it is so technical.
# posted by Blogger Hayduke : 4/23/2007 08:51:00 PM
 
Thanks for the info, Hayduke. Most people don't have these facts rolling around in the back of their head.
# posted by Blogger Heraldo Riviera : 4/23/2007 09:49:00 PM
 
Post a Comment



<< Home

This page is powered by Blogger. Isn't yours?