This week's book giveaway is in the OO, Patterns, UML and Refactoring forum.
We're giving away four copies of Five Lines of Code and have Christian Clausen on-line!
See this thread for details.
Win a copy of Five Lines of Code this week in the OO, Patterns, UML and Refactoring forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
Bartenders:
  • Piet Souris
  • Frits Walraven
  • Carey Brown

wireless network

 
Ranch Hand
Posts: 316
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I sometimes bring my laptop to a library. The library has wireless network open to public. So when I click my laptop's "view wireless network", I can see the library's wireless network. But it shows "unsecure wireless network". And when I click "connect", it pops up warning window showing "things sent through this network are not encrypted...".

My biggest concern are --

1. if I use this unsecure wireless network to get online and surf internet, will anybody else using the same network be able to get any access to my laptop (file system, etc) ??

2. suppose I go to my e*trade account, when I log in, will my id and password be maliciously obtained by anybody on the network ?

3. same thing for doing a online purchase, suppose the site offers "HTTPS" SSL service, is it possible for my credit card info be hacked by someone on the library netwrk ?

Thanks.
 
Rancher
Posts: 43016
76
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
They won't be able to get at the contents of your laptop, but at anything you send over the network that's not explicitly encrypted. E.g., HTTP is plain text, so any web activity is viewable by anybody. Unless it uses HTTPS, in which case it's encrypted. But the fact that you are to a site (even if it's over HTTPS) is still watchable.

Email is wide open, too, by the way, including passwords.
 
Rancher
Posts: 4686
7
Mac OS X VI Editor Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Originally posted by Raj Ohadi:1. if I use this unsecure wireless network to get online and surf internet, will anybody else using the same network be able to get any access to my laptop (file system, etc) ??

2. suppose I go to my e*trade account, when I log in, will my id and password be maliciously obtained by anybody on the network ?

3. same thing for doing a online purchase, suppose the site offers "HTTPS" SSL service, is it possible for my credit card info be hacked by someone on the library netwrk ?



How paranoid are you? "Possible" and "be able to" are pretty vague.

If you are running Windows, then the strict answer is "it depends" and may be fairly easy. If you run OS-X or Linux, you "can" make it more secure, but its not trivial, and it technically "depends" still.

Your E*Trade access had better be SSL all the time, if not, stop using e*trade.

SSL is pretty safe in use. Practically, it is safe. But there are many malware programs that can get into a Windows box and capture passwords, etc. before they are sent to SSL.

If you have "sharing" turned on, its fairly dangerous, as there are many exploits unless you have kept up with all the patches. Well, there are many exploits in any case, but most of them can be thwarted.

"securing" the wireless network helps, but WEP security does nothing, its trivial to hack. WPA can be better. Check outWikipedia on Wireless security

And check out "kismet" which is a wireless snoop program, its amazing.

Note: this thread really should be moved to "general computing" or perhaps "security"
 
Ranch Hand
Posts: 490
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I wouldn't do anything on public wireless network that if the information got out it could harm you. In other words don't log into e-trade or your bank.

Why?

If it is encrypted, someone running a packet sniffer won't be able to ferret out much, other than learning that someone is on E-trade.

However, it is fairly trivial to set up a man in the middle attack on a public wireless network and if you are not careful and click yes through invalid certificate dialog boxes you will be thoroughly owned.


In short, encryption will not save you.
[ June 07, 2008: Message edited by: Rusty Shackleford ]
 
Raj Ohadi
Ranch Hand
Posts: 316
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for the answers. If I use the unscured network, and from there I use VPN to connect to my company network. Will the information still be accessible to others on the public network ? I am not sure. On one hand I think since I used VPN to get into my firm's network maybe it blocks others; but on the other hand since I am still using the public network it may still be unsecure.

Please help answer.

Thanks.
 
Do not meddle in the affairs of dragons - for you are crunchy and good with ketchup. Crunchy tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
    Bookmark Topic Watch Topic
  • New Topic