Website: http://www.scobleizer.com/
Original page: http://scobleizer.com/2006/08/31/how-do-you-keep-your-stuff-private-on-wifi-networks/
Actually all WiFi networks should use this technique, imo. It's the only fairly secure way of surfing wirelessly today.
http://www.hotspotvpn.com/
For IM, it's worth remembering that Skype traffic is encrypted - both voice and chat.
At some conferences there is also the misconception that if they provide a WEP key then the traffic is encrypted from everyone. Of course, it's only encrypted from those who don't know the WEP key.
http://www.connectsafely.com/
Remember, even if it's not on-screen, you really have no idea what the otherwise innocuous looking folk in that cafe or Hotspot are doing behind the scenes as they tap into the same wifi connection you're using...
Okay, here it is:
http://farhanahmed.net/blog/?p=253
1. Never, *ever*, attend DEFCON, where the Wall of Sheep is set up every year. Basically, any password or login captured on the conference's WiFi network will be posted on the wall for all to see (they actually mask the passwords, but it is embarrassing to see joe@cisco.com up there!).
2. Use, as suggested, a VPN or SSH tunnel solution. If possible, if you use a hosting service for your email, choose one that features secure mailboxes.
3. If you are at a Starbucks, it may be safe to assume the T-Mobile hotspot you connect to is really T-Mobile's...if in doubt, assume the hotspot is hostile. A purposefully-configured access point can become an automated man-in-the-middle attack machine, transparently redirecting your traffic through a scammer's site. You would appear to be logging into your online banking, but instead, some guy in a basement is capturing all your data. Go to the Wi-Fi Alliance homepage, search for Evil Twin, and click on the 'related FAQs' link (shame on them for not providing a direct hyperlink!). There is some good general information there. Google also has a bunch of links to Evil Twins.
4. Install an antivirus and software firewall. When you connect to a WiFi hotspot, independently of whether WEP or WPA is enabled or not, you are connected on Layer 2 (except in some very specific, very expensive setups, which is not what is usually seen at public hotspots) - this means you are vulnerable to all sorts of attacks, including ARP spoofing and other nasty tricks.
5. Get an EVDO card :)
(OK, that last one was a punch below the belt...)
Our SecureMyWiFi™ offers even a home user the corporate-grade security (WPA-ENTERPRISE..not wep, not wpa-personal/psk) and secure web management of their wi-fi network for $9.99 a year.
Our personalVPN™ encrypts all your data (IM, VoIP, e-mail, whatever) over any wireless or wired network as well as anonymizes your Identity on the Internet. It's only $39.99 a year. It's an SSL VPN backed up by security certificates. rock solid!
Both solutions are set up online, are the strongest security available, work with macs, PCs, Linux and are (as you can see) aggressively priced. we guarantee all our services unconditionally for 30 days after purchase.
The only bad part is that I have to set my browser to not use the proxy while I log in to whatever authentication the coffee shop wants, then switch it back over to use the proxy.
But as long as I can get an ssh connection out of my laptop, the only thing sniffers on the network can see is that I've got traffic with my colo box.
It's a bit harder to do on Windows than on Linux or Mac, but even there it's not too bad to set up.
Regardless, better safe than sorry, and this is one reason why I tell people that they are better off using a web-based e-mail solution on the road. Always make sure that when doing bill-paying or e-mailing on the road that your URLs start with "https:" rather than "http:" and all your traffic should be encrypted. You can also get encrypted e-mail connections using POP servers etc, but it's not nearly as easy to know for sure that that is working as you would like it to be.
Then again, the amount of people with the wits and the drive to break wireless security make the odds of _your_ wireless connection getting tapped pretty good.
If you really want private browsing Torpark (http://torpark.nfshost.com/) is the answer. But on a public computer (with, say, a nice keylogger installed) I still wouldn't use it.
This 'browzar' seems rather dumb (the lame name doesn't help); you can set pretty much any browser to not store anything these days. Or you could clear the history/etc. And yes, I know anything deleted from disk is still there until it gets overwritten. How many people know about that?
Okay I am tired after a long day and making stuff up but I could not resist.
@16, That's frikin' tacky Bill-topia!
ha. yeah..I know. Have my regrets about it. My only defense is that when you found a company to solve a problem (and continually see articles asking how to solve it) you tend to excitedly blurt out the answer. hey..at least i was open and honest about who I was and didn't do some anonymous post.
plus, the question was asked what I use and I do use our services. :) a wee bit spammy though now that I see it up in black and white..sorry if it proved offensive.
http://www.vmware.com/vmtn/appliances/directory...
You mean, like Wireshark, tcpdump/tcpreplay, dsniff, ettercap, Cain and Abel, kismet, and ngrep? What about vulnerability scanners, like Nessus, Retina, and Sara? What about netcat, Hping2, nmap, and Metasploit?
I really love how Scoble thinks he knows something we don't. Really, Scoble? You can be attacked at a PUBLIC WIFI spot? You don't say!
Seriously, you're a joke, Scoble. Go back to your Web 2.0.
Seems like it anyway
Booger
http://www.hanselman.com/blog/ANewPrivateBrowse...
And if you read the comments there, you'll find some caveats to Browzar and a few alternatives.
Having someone with a lot of blog traffic post a how-do-we-do-this type question is helpful. There's lots of HOWTOs out there on securing wifi, and most of the good ones have steps like "set up an SSH server" with the assumption that you'll already know how to do that. This kind of post tends to attract more user-level advice.
Oh, and all you haters? L33t dudes, if you think only the ubergeeks read scoble, you are wrong. Does everybody know that wifi isn't that secure? Yeah, but we don't all fully understand by how much.
Remember this: a good part of his reading audience is what used to be called "power users" back in the day. You know, people who figured out how to do stuff with command line DOS when their bosses were terrified of computers. People who hacked wacky excel macros to manipulate data because there were NO free-as-in-beer software environments with pretty highlighting.
Power users aren't dumb, they are just _not experts_. Why the *&%# should they be?
Reality check here:
Most users, even most power users don't have a good mental model of how security across a network works. Why?
1. Because the craptastic OS that most of us use hides what really goes on.
2. Because the explanations commonly used are oversimplified and inaccurate.
3. Because the people who do know usually can't be bothered to explain in a human-readable way.
4. Because 60% of what we learn is secure this year is cracked the next.
5. Vendors.
Oh, you want me to talk about vendors? Heh. I mean, we've been sending plaintext email for 30 years, and when have you seen a webmail provider or a mail client that had pgp enabled by default? I'm not talking about hushmail, I'm asking what about _Yahoo_? What about Outlook Express? Vendors suck at this stuff. Not because they don't have the engineering chops, but because they are...
...er... I don't know why, actually. Ethically challenged?
Okay, here's a moral challenge, all you Web 2.0 ers - what have you done today to give your _customers_ more security?
-r.
"You seem flip flop between condescending and clueless."
As opposed to LayZ, who seems consistent at both!! :D
http://www.hamachi.cc/
Versions for Windows, Mac and Linux.
People interested in security may want to listen to the Security Now! podcast
http://www.grc.com/securitynow.htm
With a "VPN service" (where they've already set up the servers, bandwidth, ordering method, and support) anyone can protect their data and identity over any network (hotspot, office, hotel) as well as have secure IM and secure file-sharing. If you want it secured end to end, you just need to both be using the same VPN service and initiate a direct connection if your IM provider isn't peer to peer. On AIM, it's an option called direct connect.
I would also recommend the security podcasts at http://www.grc.com/securitynow.htm.
Regards from Cornwall
Phil
http://www.anchorfree.com/hotspot-shield/
Jay
T1 Buyer's Guide