WiFi
- Thread starter dotnmarty
- Start date
Marty,
Great discovery. Hope you are stopping there for the wifi. Wonder if it is the same with Burgler King and Jack in the Box, or Carl's Jr. They all have pretty decent $1 burgers or chicken sandwichs. I used to get Whoppers with cheese and no meat (at the have it your way place, BK) for a buck all the time. Haven't tried that for a while though.
Now that we are doing more work away from the clinic, we will be needing to find those WiFi hot spots.
Harvey
SleepyC :moon
Great discovery. Hope you are stopping there for the wifi. Wonder if it is the same with Burgler King and Jack in the Box, or Carl's Jr. They all have pretty decent $1 burgers or chicken sandwichs. I used to get Whoppers with cheese and no meat (at the have it your way place, BK) for a buck all the time. Haven't tried that for a while though.
Now that we are doing more work away from the clinic, we will be needing to find those WiFi hot spots.
Harvey
SleepyC :moon
Pat Anderson
New member
It is not safe to access your bank account using a WiFi in a place like McDonalds. Anybody with minimal technology sitting outside can intercept that communication between your computer and the WiFi access point.
SeaSpray":th4hj60b said:
If they are setting outside of a McDonalds waiting to score a large number of big time accounts they sure don't have much ambition. :wink:
I would hope that they don't put too much money in my account while that are at it....for I just couldn't stand the pressure of spending anymore money.
:smilep
I would hope that they don't put too much money in my account while that are at it....for I just couldn't stand the pressure of spending anymore money.
:smilep
Pat Anderson":1fyngb63 said:
Hello Pat, Steve, Marty, and Others,
I would respectfully disagree with your answer Pat. I mean no disrespect and don't mean to be impertinent. I was going to PM you to avoid a public disagreement but thought it better we come to a reasoned decision publicly so everyone else on the board might benefit.
Steve - perhaps a better, or alternative question would be...IS it safe to access your bank account online? (i.e., is online banking safe?) My answer is "yes" if you are accessing your accounts through a secure devise which is utilizing a secure connection to the website in question. Whether you are using WiFi is not relevant. Many of us use WiFi in our own homes. McDonalds WiFi is NO DIFFERENT than what you/we use in our offices or other places of business. So, my position would be that internet access is all more similar than different. That is to say...If eaves-dropping where possible or likely, it would occur IRRESPECTIVE of whether you are "online" using a WiFi network or using a corded connection to DSL, dialup, fast access cable, etc.
WiFi access points such as you find at McDonalds and numerous other places (like motels for instance) are no more risky when it comes to doing your online banking than if you were doing the same thing at home. That assumes (and I know where "assuming" can land a person) you are accessing the internet with a secure devise utilizing a secure connection to the bank, online merchant, etc.
When I say secure devise, I mean one that is not "remotely" accessible...or one that is password protected. Even my iPod Touch has a built in firewall that prevents someone from 'hacking' into the devise. That is what I mean by "secure devise." To my knowledge, most modern devises incorporate these protections routinely.
Secure websites are another matter. You can easily see if you have a secure connection to a website by looking at the web address in your browser's window. If you see "http://www.c-brats.com" you ARE NOT on a secure connection to that website. One little letter will denote the difference between secure and non-secure websites. In the above example, if it were secure, it would say "https://www.c-brats.com" See that little "s" after the http? That means "secure." Notice when you log onto your bank's website or an online merchant's website, you should see that 's' If you don't, you may not be on a secure connection and the information transmitted COULD be intercepted. Some browsers will show other indications that you are on a secure website. For instance, Firefox (for Mac) will show a little 'padlock' kind of symbol at the lower right corner of the browser window when I'm logged onto a secure website.
Internet safety/security is very important. Even if YOU don't use online banking or shop online, your personal information is probably being transmitted via the internet by your bank or other companies with whom you conduct business. I'm NOT an expert on IT matters, so I could certainly be wrong in my current understanding of the 'system'...
Thanks,
/david
Wandering Sagebrush
Free Range Human
Pat Anderson":221bq5oe said:
Pat, where as I don't bank electronically from anywhere, going back to my info security days, it seems that if the communication is https and not http, you are probably ok. That said, I don't trust any of it.
I am by no means an expert on internet security, but I will not do banking or even purchases on an open public Wi Fi site. My home sites are entirely different, and with reasonable passwords and some other security measures, I occasionally do access financial sites. However, for banking and purchase etc, I use hard wired connection.
I refer you to an article in the New York Times by David Progue--who has written several books on computers and is the Time's Technology Columnist.
http://pogue.blogs.nytimes.com/2007/01/ ... gue-email/
He had thought that using public Wi FI was safe, until it was demonistrated to him, that everything, which he had on his computer's screen, every web site, every e-mail, form etc, could be easily intercepted by a person who was skilled--and it was easy to do. See "Packet Sniffers". Depending on how your use the sites and if there is encryption you may or may not be succeptable. I would not take the chance.
I refer you to an article in the New York Times by David Progue--who has written several books on computers and is the Time's Technology Columnist.
http://pogue.blogs.nytimes.com/2007/01/ ... gue-email/
He had thought that using public Wi FI was safe, until it was demonistrated to him, that everything, which he had on his computer's screen, every web site, every e-mail, form etc, could be easily intercepted by a person who was skilled--and it was easy to do. See "Packet Sniffers". Depending on how your use the sites and if there is encryption you may or may not be succeptable. I would not take the chance.
Ya know what? I use both public and private wireless connections to do everything. Banking, stock investments, portfolio management, bill pay and I buy online using my credit cards. Of course I use well known https sites and before I logon to a public WiFi site to connect with them, I notify my firewall/security software that I'm using a public connection and it goes into "overdrive protection". Never had a problem. The odds are in my favor. Getting hacked is probably about the same as being struck by lightning or bitten by a Great White shark.
AFAIC, it's far more dangerous to hand my credit card to a restaurant server or simply put a check in my home mailbox for the postal person to pick up.
One of our snail mail payments was never received - two weeks later somebody with an inkjet printer and blank checks used my account number, my bank routing number, and a name that matched some ID they had. So I paid for their groceries that month. How did they get the info? Occams Razor logic says probably by dipping into our mailbox before the carrier got there.
Would any C-Dory owner go 50 miles offshore without a VHF radio? Without charts and a compass? Of course not. OTOH, would we never go out of sight of land WITH nav equipment/charts because it's possible everything could wash overboard? Nope. At least that possibility wouldn't affect me.
I think there are legitimate risks involved in using public sites, but I can live with that risk since the number of hackers capable of evesdropping, in my area, and interested in some old geezer's laptop are infinitesimal. :roll:
AFAIC, it's far more dangerous to hand my credit card to a restaurant server or simply put a check in my home mailbox for the postal person to pick up.
One of our snail mail payments was never received - two weeks later somebody with an inkjet printer and blank checks used my account number, my bank routing number, and a name that matched some ID they had. So I paid for their groceries that month. How did they get the info? Occams Razor logic says probably by dipping into our mailbox before the carrier got there.
Would any C-Dory owner go 50 miles offshore without a VHF radio? Without charts and a compass? Of course not. OTOH, would we never go out of sight of land WITH nav equipment/charts because it's possible everything could wash overboard? Nope. At least that possibility wouldn't affect me.
I think there are legitimate risks involved in using public sites, but I can live with that risk since the number of hackers capable of evesdropping, in my area, and interested in some old geezer's laptop are infinitesimal. :roll:
Pat Anderson
New member
This was exactly my point. The McDonald's WiFi is completely open and highly susceptible to interception. I don't know if my wired connection at home is completely safe - what is? - but it is heck of a lot safer than an open WiFi connection anywhere, McDonald's, any number of hotels, heck, the Snoqualmie Taproom.
thataway":2bawvaae said:
If one is uncomfortable accessing financial info via a public access point like MacDonalds, that's fine - just don't do it, and feel warm and fuzzy about your decision. Don't let folks try and convince you otherwise - it's simply not worth stressing over.
However the reality is, such activities are typically safer than accessing the C-Brats via such locations.
Huh? Yup, you read that right...here's why.
Accessing any bank or financial institution, is done via an encrypted session. That encryption is point-to-point - that is, the only two computers that can decrypt the communications, are your PC, and the server you are talking to at your bank.
It doesn't matter if somebody is capturing the data over the airwaves using a sniffer, or anywhere else along the Internet path to your bank - they can't decrypt the information. The data they gather, is pure gibbereish to them. What they can do, is tell where you are going - but nothing else about that communication is visible to them.
So...why is the C-Brats a bigger security risk? For the same reason any typical community site you login to is - we don't encrypt a thing. So, when you enter your C-Brat ID and password at MacDonalds (or anywhere else), anyone capable of intercepting the data CAN easily see your login credentials. If you've told your browser to remember your login details, that doesn't matter - they still get sent "under the covers."
OK, says you - so what? It's just some stinkin' user ID and password at a boating site. The problem is, people are ignorant about such things...much as it might sound nuts to many of you, tons of people use the same or similar user ID's and passwords everywhere - including their financial institutions. So, intercepting your lowly community site credentials, gives the bad guy info that might be useful at the sites you DO care about.
The obvious way to avoid this, is to refrain from such dopey password behavior. My method - any web site that falls into the "I don't care" bucket, gets a simple password using a combination of something related to the site name, plus a common key. Here's a bogus example:
Site name: c-brats
Common Key: 123abc
So, let's say my "related to site name method" is taking the odd numbered characters in the site name. Adding that to my common key, gives a password of "cbas123abc". For the TugNuts: "tgus123abc". Using this method allows me to have different passwords for low-priority sites, but I can easily remember them if my browser forgets them, or I'm surfing from a computer I don't normally use. Somebody intercepting these credentials might be able to figure things out at other low-priority sites where the same method is used, but it's not a slam dunk. Basically, I trade off a bit of security for ease of use.
At any site I'm concerned about, i.e. financial, health care, etc. - passwords are randomly generated, and completely unique to that site.
The reality is, that bad guys getting your treasured info via sniffing data is the exception - that's way too much work for them. Rather, they go for far simpler methods, or exert more effort for significantly higher rewards. A simple method example: Interception of your credit cards, i.e. paying at a restaurant or hotel. More complex: In the digital/online world, they attack and compromise servers where they can get thousands of personal account details in one fell swoop.
But again - do whatever you are comfortable with. Don't let newspaper columnists, TV anchors, or even some nerd you might know talk you into activities you would rather avoid.
However the reality is, such activities are typically safer than accessing the C-Brats via such locations.
Huh? Yup, you read that right...here's why.
Accessing any bank or financial institution, is done via an encrypted session. That encryption is point-to-point - that is, the only two computers that can decrypt the communications, are your PC, and the server you are talking to at your bank.
It doesn't matter if somebody is capturing the data over the airwaves using a sniffer, or anywhere else along the Internet path to your bank - they can't decrypt the information. The data they gather, is pure gibbereish to them. What they can do, is tell where you are going - but nothing else about that communication is visible to them.
So...why is the C-Brats a bigger security risk? For the same reason any typical community site you login to is - we don't encrypt a thing. So, when you enter your C-Brat ID and password at MacDonalds (or anywhere else), anyone capable of intercepting the data CAN easily see your login credentials. If you've told your browser to remember your login details, that doesn't matter - they still get sent "under the covers."
OK, says you - so what? It's just some stinkin' user ID and password at a boating site. The problem is, people are ignorant about such things...much as it might sound nuts to many of you, tons of people use the same or similar user ID's and passwords everywhere - including their financial institutions. So, intercepting your lowly community site credentials, gives the bad guy info that might be useful at the sites you DO care about.
The obvious way to avoid this, is to refrain from such dopey password behavior. My method - any web site that falls into the "I don't care" bucket, gets a simple password using a combination of something related to the site name, plus a common key. Here's a bogus example:
Site name: c-brats
Common Key: 123abc
So, let's say my "related to site name method" is taking the odd numbered characters in the site name. Adding that to my common key, gives a password of "cbas123abc". For the TugNuts: "tgus123abc". Using this method allows me to have different passwords for low-priority sites, but I can easily remember them if my browser forgets them, or I'm surfing from a computer I don't normally use. Somebody intercepting these credentials might be able to figure things out at other low-priority sites where the same method is used, but it's not a slam dunk. Basically, I trade off a bit of security for ease of use.
At any site I'm concerned about, i.e. financial, health care, etc. - passwords are randomly generated, and completely unique to that site.
The reality is, that bad guys getting your treasured info via sniffing data is the exception - that's way too much work for them. Rather, they go for far simpler methods, or exert more effort for significantly higher rewards. A simple method example: Interception of your credit cards, i.e. paying at a restaurant or hotel. More complex: In the digital/online world, they attack and compromise servers where they can get thousands of personal account details in one fell swoop.
But again - do whatever you are comfortable with. Don't let newspaper columnists, TV anchors, or even some nerd you might know talk you into activities you would rather avoid.
jkidd
Active member
Very good info Da Nag one can't be to careful. One other area that might be of concern if you have any folders on your machine that are shared they could be available to all of the users on that wifi device so if you store sensitive data in those folders like taxes, bank info, or a file with your passwords look out. Pat brings up an interesting point as well I have seen many access points that are placed into company networks and not properly secured so when the free user connects he has access to all the company computers and servers. I usually hear, oh we didn't know you could do that. One tool that I carry around will tell me all of the IPs on that subnet and what ports are open on each IP it only takes a couple minutes to find all of the weak points.
Captains Cat
New member
Bill said: "At any site I'm concerned about, i.e. financial, health care, etc. - passwords are randomly generated, and completely unique to that site. "
How do you do that Bill? I've got an encrypted file with my pws in it and one hard copy that I use, updated periodically. I'd sure like to randomly generate them and change them frequently.
Thanks
Charlie
How do you do that Bill? I've got an encrypted file with my pws in it and one hard copy that I use, updated periodically. I'd sure like to randomly generate them and change them frequently.
Thanks
Charlie
Captains Cat
New member
Never mind Bill. I should have followed the advice I give other folks. I googled "random password generation" and came up with a gizillion ways to do it! Now to get to work and fix all my passwords that I've been negligent at.
I still have one question though, where/how do you store those random passwords so you don't forget them and they are secure?
Charlie
I still have one question though, where/how do you store those random passwords so you don't forget them and they are secure?
Charlie
Dunno about Bill, but I use (and love) Roboform, Charlie. Cheap and all I have to remember is one strong password, which for me is a mixture of numbers, letters, and symbols. Yah it was hard to memorize, but it's made life much easier.
For Internet purchases from even slightly suspected vendors, I use PayPal's "one time credit card" feature. PayPal issues me a Master Card number complete with security code, that expires as soon as I use it once, then pays the merchant out of my PayPal account or uses my real credit card (my choice).
Yah, I do a lot on the web but it doesn't mean I'm not careful.
Don
For Internet purchases from even slightly suspected vendors, I use PayPal's "one time credit card" feature. PayPal issues me a Master Card number complete with security code, that expires as soon as I use it once, then pays the merchant out of my PayPal account or uses my real credit card (my choice).
Yah, I do a lot on the web but it doesn't mean I'm not careful.
Don
Good info Bill (DaNag). And the link posted by Dr. Bob is informative as well. It makes clear the "packet sniffing" technology applies to unencrypted internet communications. So, whilst your sent/received emails can be intercepted by the bad guys, your banking info CANNOT...which goes back to the original question.
Secure, encrypted internet communications are very secure. This is true whether your at home or McDonalds. If someone is interested in intercepting your emails or C-brats private messages...well, that can happen on an open WiFi access point or from your home as well. If anything, we should all learn that unencrypted information sent via internet is NOT SECURE and is at risk of compromise. There are ways of sending encrypted emails if you wish. Our kids have learned how "open" the internet is through hard lessons learned on Facebook and other social networking sites...personal data does not stay personal. That is the lesson we need to learn too. Be careful sending names, addresses, phone numbers, etc via email. NEVER send a credit card number or SSN via plain email or submit it on a non-secure webpage.
For another kick, try Googling your name. Or go to whitepages.com and look up your name there. There is a surprising amount of personal info already on the net. Yikes!
I think I'll go check my bank account... :wink:
/david
Secure, encrypted internet communications are very secure. This is true whether your at home or McDonalds. If someone is interested in intercepting your emails or C-brats private messages...well, that can happen on an open WiFi access point or from your home as well. If anything, we should all learn that unencrypted information sent via internet is NOT SECURE and is at risk of compromise. There are ways of sending encrypted emails if you wish. Our kids have learned how "open" the internet is through hard lessons learned on Facebook and other social networking sites...personal data does not stay personal. That is the lesson we need to learn too. Be careful sending names, addresses, phone numbers, etc via email. NEVER send a credit card number or SSN via plain email or submit it on a non-secure webpage.
For another kick, try Googling your name. Or go to whitepages.com and look up your name there. There is a surprising amount of personal info already on the net. Yikes!
I think I'll go check my bank account... :wink:
/david
smittypaddler
New member
vim, an editor commonly found on Linux systems, has an option to encrypt a file you're editing. I use it to store my passwords with an encryption key not written anywhere.
Thanks to all for a great discussion--let me add one other caution. It is very easy to "ease drop" on any phone conversation--be it cell phone, or your "wireless" phones in your home. Sure it is illegal, but does that stop the bad guys? Most of us HAM operators have recievers (and transmitters) which can be every easily modified to recieve any frequency--legal or not. The point is that if you give credit card information over the telephone it may not be secure. These recievers are readily available, and the modifications are openly on the web.
Certainly granted, that the bad guys will far more likely get your credit card number at a restraunt. I had mine lifted in Mexico--as best I could figure--and the charges started showing up in Europe about 6 months later. Fortunately my banking company questions any unusual transaction--and we till them if we are going to be making large pruchases, or traveling--and giving a fairly accurate itiniary.
Certainly granted, that the bad guys will far more likely get your credit card number at a restraunt. I had mine lifted in Mexico--as best I could figure--and the charges started showing up in Europe about 6 months later. Fortunately my banking company questions any unusual transaction--and we till them if we are going to be making large pruchases, or traveling--and giving a fairly accurate itiniary.