Question for the Techies about Wifi security

[JJMcClure]

I'm going to be stuck on an exhibition stand all next week and I'm hoping to use my laptop and their free wifi to do some work while I'm there. Is it safe to use wifi with sensitive data like Paypal login info, that sort of thing?

I've googled this but frankly my IT knowledge isn't great and a personal recommendation would really help.

Thanks in advance!

[grynge]

It really depends on the supplier of the wifi, if you trust them then you should be good just make sure all your traffic goes through the ssl version. Any other traffic can be sniffed, or if the supplier is tricky they can use proxies to log all your keystrokes. SSL only encrypts the data between you and the website, if you have open ports on your system or unsafe settings someone else logged onto the same network can scan your system.

[TrustButVerify]

I'm a newbie in this area as well. Where would using a VPN service work into the equation?

[grynge]

I'm a newbie in this area as well. Where would using a VPN service work into the equation?

Using an open network gives multiple points of prying on your traffic. If the bandwidth is run through a router the packets can be copied to cache and looked at by the operator of the network. If the operator of the network hasn't got it secure enough a third person can sniff packets going through the network. Also if you are running an OS with a known vulnerability still open someone on the open network can use that to access your system.


If your VPN is encrypted then even if they sniff the packets they can't really see whats flowing through them, if on the otherhand your VPN is uncrypted then yes the operator and/or third person can still see your packets.

[JJMcClure]

It really depends on the supplier of the wifi, if you trust them then you should be good just make sure all your traffic goes through the ssl version. Any other traffic can be sniffed, or if the supplier is tricky they can use proxies to log all your keystrokes. SSL only encrypts the data between you and the website, if you have open ports on your system or unsafe settings someone else logged onto the same network can scan your system.

Hmmm. Is there any software on the market that can scan your pc and network and tell you all the places you're insecure that you'd recommend?

[grynge]

Hmmm. Is there any software on the market that can scan your pc and network and tell you all the places you're insecure that you'd recommend?

You can use a port scanner to see any open ports, but depending on your OS really depends on what vulnerabilities can be used, if you run windows and keep it uptodate with the latest patches that is a simple start, closing off any unused services that allow for connections from external sources is another thing to do UnPNP/BlueTooth/RemoteDesktopConnection etc.. You could try running a soft firewall like zonealarm/black ice/symantec to see any incoming port requests. I can't recommend anyone in particular as I do hardware firewall.

[JJMcClure]

Man, the only time I've messed around with ports is when I've been trying to solve PC gaming issues, I wouldn't know which ports were problems and which weren't. Ditto with unused services.

Maybe there's a gap in the market here for a product that will do all this stuff for you, like a grown up version of Netnanny (which I just installed on my daughter's laptop btw and it's pretty cool).

[grynge]

It would be a hard program to keep up with all the various OS's and then if they haven't updated etc etc but it possibly could be a worth while project for someone.

[KenW3]

Take a look at FireSheep. When you are on an unsecured network, this Firefox add-on will allow people to capture cookies being returned to other users, and remain in other people's accounts.

This is the kind of stuff that scares me away from free WiFi (or even paid, such as a hotel).

[JJMcClure]

Take a look at FireSheep. When you are on an unsecured network, this Firefox add-on will allow people to capture cookies being returned to other users, and remain in other people's accounts.

This is the kind of stuff that scares me away from free WiFi (or even paid, such as a hotel).

Hmm, what if I was using the incognito function and it wasn't storing cookies, I never allow any finance related passwords to be stored either in browsers or software like Last pass. It's more the packets being 'sniffed' that worries me or my laptop being accessed by a malicious third party. I just don't know enough about how that happens to protect against it.