Join Early Retirement Today
Reply
 
Thread Tools Display Modes
Help about public wireless access and security
Old 08-16-2006, 08:14 AM   #1
Thinks s/he gets paid by the post
 
Join Date: Mar 2004
Posts: 2,341
Help about public wireless access and security

Regarding public wireless access (which I am currently on), I am still confused about security. I googled for more info but could not find the answers to my questions.
I have the freebie ZA firewall and netscape 7.x 128 encryp. I always hear warnings about not entering sensitive (financial) information but what about when I am doing through my browser. I thought that with encryp protection and acessing protected sites, hackers would be prevented from getting my information.

Can anyone shed some light?

Thanks
__________________
I look to the present moment because that's where I live my life.
MJ is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Re: Help about public wireless access and security
Old 08-16-2006, 08:23 AM   #2
Thinks s/he gets paid by the post
cube_rat's Avatar
 
Join Date: Jul 2005
Posts: 1,466
Re: Help about public wireless access and security

Quote:
Originally Posted by vagabond
Regarding public wireless access (which I am currently on), I am still confused about security. I googled for more info but could not find the answers to my questions.
I have the freebie ZA firewall and netscape 7.x 128 encryp. I always hear warnings about not entering sensitive (financial) information but what about when I am doing through my browser. I thought that with encryp protection and acessing protected sites, hackers would be prevented from getting my information.

Can anyone shed some light?

Thanks* *
After reading details about the advent of RSA encrpytion technology, I have absolutely no qualms about using protected sites.* *Any would be hacker would have figure out the distance between two prime numbers 166 (I believe it's up to 166?) digit long in order to figure out the encryption key.

I'm modifying my orginal post to state again -->protected sites only using RSA which is the gold standard. Wireless encryption is whole other story and some methods can be easily hacked with downloadable tools from the internet.
__________________
fuzzy? cute?
cube_rat is offline   Reply With Quote
Re: Help about public wireless access and security
Old 08-16-2006, 10:05 AM   #3
Full time employment: Posting here.
 
Join Date: Aug 2004
Posts: 911
Send a message via ICQ to Marshac Send a message via AIM to Marshac Send a message via Yahoo to Marshac
Re: Help about public wireless access and security

Quote:
Originally Posted by cube_rat
After reading details about the advent of RSA encrpytion technology, I have absolutely no qualms about using protected sites.* *Any would be hacker would have figure out the distance between two prime numbers 166 (I believe it's up to 166?) digit long in order to figure out the encryption key.

I'm modifying my orginal post to state again -->protected sites only using RSA which is the gold standard.* Wireless encryption is whole other story and some methods can be easily hacked with downloadable tools from the internet.
I wouldn't be so trusting. It's really easy to poison the ARP, and then do a man-in-the-middle attack. Software packages such as Cain & Able make this uncomfortably easy to do..... and make for some hilarious fun at work.
Marshac is offline   Reply With Quote
Re: Help about public wireless access and security
Old 08-16-2006, 10:23 AM   #4
Thinks s/he gets paid by the post
cube_rat's Avatar
 
Join Date: Jul 2005
Posts: 1,466
Re: Help about public wireless access and security

Quote:
Originally Posted by Marshac
I wouldn't be so trusting. It's really easy to poison the ARP, and then do a man-in-the-middle attack. Software packages such as Cain & Able make this uncomfortably easy to do..... and make for some hilarious fun at work.

I wasn't referring to desktop or network sniffing. Wireless network, desktop protection is a whole different ball game, IMHO and is still considered the wild west. Now try and factorize RSA-704, that's far more entertaining than sniffing and exploiting desktop and network passwords

http://www.rsasecurity.com/rsalabs/node.asp?id=2093

Very good point though!


__________________
fuzzy? cute?
cube_rat is offline   Reply With Quote
Re: Help about public wireless access and security
Old 08-16-2006, 10:51 AM   #5
Thinks s/he gets paid by the post
 
Join Date: Jan 2004
Posts: 2,049
Re: Help about public wireless access and security

1) Key loggers
2) Modified/hacked browser
3) Modified/hacked TCP (communication) stack
4) Remote site hack (i.e., someone has access to the bank website)
5) Remote site DNS spoof (redirecting "chase.com" to a spoofed site)
6) Lengthy HTTPS (SSL) session

The first 3 can be attenuated with good virus/worm protection and ZA. #4 is out of your control. #5 is out of your control but pay attention to any oddities on the site. For #6, just don't stay connected to a secure site for a lengthy period of time.

For your UNsecure communication (posting to this site, cnn.com, etc.), assume you're being sniffed. Don't use the same passwords. Even on encrypted wireless networks, the encryption can be hacked with a downloadable tool, as cube mentioned. It just takes enough traffic.
eridanus is offline   Reply With Quote
Re: Help about public wireless access and security
Old 08-16-2006, 10:59 AM   #6
Full time employment: Posting here.
 
Join Date: Aug 2004
Posts: 911
Send a message via ICQ to Marshac Send a message via AIM to Marshac Send a message via Yahoo to Marshac
Re: Help about public wireless access and security

Quote:
Originally Posted by cube_rat
I wasn't referring to desktop or network sniffing.*
No, but with a man-in-the-middle attack, I can take your https request, issue you my own cert (so you still get the little lock thing in your browser), and then contact the webserver myself. Everything between you and I would be encrypted, and between myself and the server... you would have very little warning this was going on, and I would have access to everything you submit. This same attack can be used for telnet, SSH, etc... almost anything. It's quite a different animal than simply observing passing network traffic.

Edit: What do you know, wiki has an article on it too-

http://en.wikipedia.org/wiki/Man_in_the_middle_attack
Marshac is offline   Reply With Quote
Re: Help about public wireless access and security
Old 08-16-2006, 12:16 PM   #7
Thinks s/he gets paid by the post
 
Join Date: Jan 2004
Posts: 2,049
Re: Help about public wireless access and security

Quote:
Originally Posted by Marshac
No, but with a man-in-the-middle attack, I can take your https request, issue you my own cert (so you still get the little lock thing in your browser), and then contact the webserver myself.
There's very little an end user can do to prevent this. If a sophisticated hacker owns the proxy through which all traffic passes, it's game over, man. The vast majority of net users do not use public key servers (are there any left?), nor do they trade public keys with their friends or banks through secure channels.
eridanus is offline   Reply With Quote
Re: Help about public wireless access and security
Old 08-16-2006, 12:20 PM   #8
Moderator Emeritus
Martha's Avatar
 
Join Date: Feb 2004
Location: minnesota
Posts: 13,228
Re: Help about public wireless access and security

I have no idea what you guys are saying.

My worry is someone being able to find out brokerage or bank account passwords to steal money. Bottom line, should you or should you not conduct financial transactions on the Internet? What do you need to make sure that no one steals data from you in the course of that transaction?
__________________
.


No more lawyer stuff, no more political stuff, so no more CYA

Martha is offline   Reply With Quote
Re: Help about public wireless access and security
Old 08-16-2006, 12:35 PM   #9
Thinks s/he gets paid by the post
cube_rat's Avatar
 
Join Date: Jul 2005
Posts: 1,466
Re: Help about public wireless access and security

Quote:
Originally Posted by Martha
I have no idea what you guys are saying.*

My worry is someone being able to find out brokerage or bank account passwords to steal money.* Bottom line, should you or should you not conduct financial transactions on the Internet?* What do you need to make sure that no one steals data from you in the course of that transaction?
Marshac and I were discussing two slightly different things.* I'm a RSA technology fan (within the RSA realm ONLY), which works quite differently from what he's pointed out.* He makes excellent points that should be duly noted by all.

Sorry Martha, I know I didn't answer your concerns.* I'm babbling again and need to move on* *
__________________
fuzzy? cute?
cube_rat is offline   Reply With Quote
Re: Help about public wireless access and security
Old 08-16-2006, 01:21 PM   #10
Thinks s/he gets paid by the post
 
Join Date: Jan 2004
Posts: 2,049
Re: Help about public wireless access and security

Quote:
Originally Posted by Martha
I have no idea what you guys are saying.

My worry is someone being able to find out brokerage or bank account passwords to steal money. Bottom line, should you or should you not conduct financial transactions on the Internet? What do you need to make sure that no one steals data from you in the course of that transaction?
There's always a risk given current technology.

1) Secure your PC.
2) Don't use the same usernames/passwords for your secure accounts as you do for your non-secure accounts. E.g., your bank password shouldn't be the same as your forum password.

+ all the other things you shouldn't do, including avoiding phishing emails and phone calls.
eridanus is offline   Reply With Quote
Re: Help about public wireless access and security
Old 08-16-2006, 01:27 PM   #11
 
Posts: n/a
Re: Help about public wireless access and security

Quote:
Originally Posted by Martha
I have no idea what you guys are saying.

My worry is someone being able to find out brokerage or bank account passwords to steal money. Bottom line, should you or should you not conduct financial transactions on the Internet? What do you need to make sure that no one steals data from you in the course of that transaction?
Most identity theft today is still accomplished by Low Tech methods. (They steal the statement from your bank or Brokerage company out of your mailbox) - This is one reason why I don't have statements mailed to me.

If they are sophisticated users they will hack the bank or brokerage company computer - Because as Wille Sutton said 'That's where the money is'
  Reply With Quote
Re: Help about public wireless access and security
Old 08-16-2006, 02:04 PM   #12
Full time employment: Posting here.
 
Join Date: Apr 2005
Posts: 524
Re: Help about public wireless access and security

Quote:
should you or should you not conduct financial transactions on the Internet?
It all depends on your risk tolerance -- nothing is 100% secure. If you keep your computer reasonably secure there's little risk with internet transactions from your home. Your risk increases if you let others (especially kids) use the computer, conduct transactions over a public wifi network (as Marshac explained), or use a computer that isn't trusted.

To keep your computer secure:
- Don't open e-mail attachments that you're not expecting to receive.
- Don't download and install questionable software from the internet.
- Run anti-virus software and scan and update regularly.
- Use a NAT router on your home network.
+ Use 'strong' passwords
+ For wireless networks, use WPA with a strong passphrase.
JB is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Be careful managing assets, accounts, money, over the internet on wireless chinaco Life after FIRE 51 05-21-2007 08:58 AM
Access Vanguard from Wireless Connection at Coffee Shop??? TromboneAl Other topics 41 02-08-2007 03:52 PM
weak links in online shopping security wabmester Other topics 9 05-25-2006 12:24 AM
Nice deal on a decent 802.11g 54Mb/s router - ~$15 bucks cute fuzzy bunny Other topics 20 02-21-2006 07:52 PM

» Quick Links

 
All times are GMT -6. The time now is 04:07 AM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2024, vBulletin Solutions, Inc.