Safe use of public WiFi Internet access

[blackhelicopter]

Was at ADL QP yesterday, couldn't even find the Telstra AP. So not sure if it is a continuing issue. Fortunately Internode has good coverage of the whole terminal here and could still connect from within the QP (and it's free).

The Internode AP at ADL is also generally MUCH faster than Hellstra's, even if you're not a paying Internode customer. (You can unthrottle it if you have an Internode username/password for your home ADSL account etc.)

I never bother with QP wifi, I generally use my 3G dongle instead (partially because of the speed or lack thereof, but also working in IT security I have a certain mistrust of public wifi access points )

 

[Mal]

Re: No free net in BNE QP via WiFi

I never bother with QP wifi, I generally use my 3G dongle instead (partially because of the speed or lack thereof, but also working in IT security I have a certain mistrust of public wifi access points )

Especially with tools like FireSheep so easy to use these days...

 

[beardoc]

Re: No free net in BNE QP via WiFi

I never bother with QP wifi, I generally use my 3G dongle instead (partially because of the speed or lack thereof, but also working in IT security I have a certain mistrust of public wifi access points )

Particularly since taking over your Twitter or Facebook account when you connect on a Wi-Fi network is so easy now - people may not be aware of Firesheep - a plugin that snoops on the Qantas Club Wi-Fi network (which is unencrypted) for the cookies you use to log into Facebook and Twitter and then grabs them - a single click and they are logged into Facebook and Twitter as you and can start sending messages as you, email friends asking for money, and post defamatory updates.

Firesheep In Wolves’ Clothing: Extension Lets You Hack Into Twitter, Facebook Accounts Easily

If you're not encrypting your transmissions on the QANTAS Club Wi-Fi, then you're at risk.

 

[simongr]

Re: No free net in BNE QP via WiFi

I had a similar problem in the F lounge on Saturday - so I switched to 3G on the iPad.

I am intrigued by the risks around wifi - I use it extensively. I wonder if the iPad usage is more secure but am not sure.

One major challenge is hotels that dont provide wired access and only provide wifi.

All my work emails are through a VPN client (RSA token).

I am not overly concerned about hacking my facebook account though (my bigger issue on facebook is the small private messages at the moment).

 

[samh004]

Re: No free net in BNE QP via WiFi

Especially with tools like FireSheep so easy to use these days...

I forgot to try it out when I was there on Saturday!

Particularly since taking over your Twitter or Facebook account when you connect on a Wi-Fi network is so easy now - people may not be aware of Firesheep - a plugin that snoops on the Qantas Club Wi-Fi network (which is unencrypted) for the cookies you use to log into Facebook and Twitter and then grabs them - a single click and they are logged into Facebook and Twitter as you and can start sending messages as you, email friends asking for money, and post defamatory updates.

Firesheep In Wolves’ Clothing: Extension Lets You Hack Into Twitter, Facebook Accounts Easily

If you're not encrypting your transmissions on the QANTAS Club Wi-Fi, then you're at risk.

As long as the website you are visiting uses HTTPS then you’re safe.

 

[futaris]

Re: No free net in BNE QP via WiFi

As long as the website you are visiting uses HTTPS then you’re safe.

You mean if you use https everywhere or a VPN, etc. Some sites support https but default to using http.

 

[blackhelicopter]

Re: No free net in BNE QP via WiFi

As long as the website you are visiting uses HTTPS then you’re safe.

Assuming the user doesn't click through the certificate warnings if you try an SSL man-in-the-middle attack. Which they always do.

 

[Mal]

Re: No free net in BNE QP via WiFi

I am intrigued by the risks around wifi - I use it extensively. I wonder if the iPad usage is more secure but am not sure.

An ipad is no more safer than a normal pc over wi-fi. It is vulnerable to the same isssues that a pc has.

 

[samh004]

Re: No free net in BNE QP via WiFi

An ipad is no more safer than a normal pc over wi-fi. It is vulnerable to the same isssues that a pc has.

I wonder if the apps that connect to popular sites though might connect through a different port, would that make a difference? I’m not well versed here but I thought HTTP went through a particular port, which might be how firesheep works, but an app may use a different port?

 

[beardoc]

Re: No free net in BNE QP via WiFi

I wonder if the apps that connect to popular sites though might connect through a different port, would that make a difference? I’m not well versed here but I thought HTTP went through a particular port, which might be how firesheep works, but an app may use a different port?

Firesheep works by packet sniffing an unencrypted Wi-Fi connection and picking up cookies from other people that are using the same Wi-Fi network. It doesn't expose passwords but it can intercept cookies from other people's computers and then with a simple click can become logged in as those other people. HTTPS would fix this, as would a VPN tunnel, but Facebook, Twitter, and a whole series of sites do none of these. So be careful. You should be encrypting your connection anyway on public Wi-Fi (try Get Behind the Shield! Hotspot Shield by AnchorFree if you need something, you're not keen to pay for it, and you're willing to put up with ads).

 

[Stealth]

Re: No free net in BNE QP via WiFi

As long as the website you are visiting uses HTTPS then you’re safe.

Beats me why adults play on things like Twitter and Facebook anyway, there are more issues than wi-fi security.

 

[Katie]

No free net in BNE QP via WiFi

Beats me why adults play on things like Twitter and Facebook anyway, there are more issues than wi-fi security.

Most people I know who are on Twitter are in the 25-55 yo bracket; my 22yo sister and her friends don't "get" it.
Facebook is a whole 'nother story, the kids are all over it.

 

[MatF]

Re: No free net in BNE QP via WiFi

You should be encrypting your connection anyway on public Wi-Fi (try Get Behind the Shield! Hotspot Shield by AnchorFree if you need something, you're not keen to pay for it, and you're willing to put up with ads).

What is the best way?

I'm thinking about doing something like this for our trip to europe next month (will probably use unsecured wireless a fair bit):
How to create a VPN for secure web browsing using Hamachi. - Neowin Forums

I do have a good modem/router at home which can act as a VPN endpoint (a Draytek 2820VN), but I'm not that confident in setting it up correctly.

What other options might there be?

 

[markis10]

Seeing as there was some discussion about how safe the internet use is in QPs with WiFi access I thought it deserved it's own thread!

 

[beardoc]

Re: No free net in BNE QP via WiFi

What is the best way?

I'm thinking about doing something like this for our trip to europe next month (will probably use unsecured wireless a fair bit):
How to create a VPN for secure web browsing using Hamachi. - Neowin Forums

I do have a good modem/router at home which can act as a VPN endpoint (a Draytek 2820VN), but I'm not that confident in setting it up correctly.

What other options might there be?

There are plenty - there are piles of VPN companies - if you want just one port, then you can get them for about $50/year in the USA and there are plenty of packages. A byproduct of these is that you can watch Hulu, BBC iPlayer, and other geoblocked material overseas.

 

[Mal]

Re: No free net in BNE QP via WiFi

There are plenty - there are piles of VPN companies - if you want just one port, then you can get them for about $50/year in the USA and there are plenty of packages. A byproduct of these is that you can watch Hulu, BBC iPlayer, and other geoblocked material overseas.

Indeed. I've been looking at ProXPN ( proXPN - Create a FREE VPN Account - Secure your internet connection instantly. ) to secure my Wireless access.

 

[MatF]

Signed up for a paid VPN service last night - 12vpn
Seems to work well so far - very simple to set up, using OpenVPN as the client.

So just to clarify - I connect to a wireless connection/whatever, then start the OpenVPN client? Makes me a bit nervous that there doesn't seem to be any easy way to see that my traffic is actually going through the vpn, apart from the fact that is tells you it has connected. I've gone to a website showing my IP adress, and it seems to think I'm in London, or whichever server I've chosen to connect to, so it does seem to be working.

 

[drewbles]

Signed up for a paid VPN service last night - 12vpn
Seems to work well so far - very simple to set up, using OpenVPN as the client.

So just to clarify - I connect to a wireless connection/whatever, then start the OpenVPN client? Makes me a bit nervous that there doesn't seem to be any easy way to see that my traffic is actually going through the vpn, apart from the fact that is tells you it has connected. I've gone to a website showing my IP adress, and it seems to think I'm in London, or whichever server I've chosen to connect to, so it does seem to be working.

Depending on your operating system, it's quite easy to tell what path it's taking. If you want some assistance on this, just drop me a message. Happy to show you how it's done (may be a bit too 'computery' or not interesting for other people).

I've setup a lot of VPN's in my time and there are various ways of doing it so there's no set-in-stone way to know without checking some routing tables.

 

[MatF]

Thanks drewbles, will send you a PM.

I've ended up getting a refund from 12vpn and signing up with WiTopia instead (after some recommendations), and all seems to be good. WiTopia have more servers to choose from, and seems a bit faster. Also using an OpenVPN client.

As an aside, my refund from 12vpn must have set some kind of record. I emailed them asking for a refund last night (they have a 7 day no-questions-asked refund policy), and received an email from Paypal less than an hour later advising me of the refund. Very impressed with that!

 

[Oneworldplus2]

Digging up an old thread.

I'm interested in using a VPN when in public WiFi areas, anyone have any recommendations?

As a side note, l found Cocoon, a Firefox extension.