Unsecured wireless networks

[duke]

I occasionally get online on an unsecured and unencrypted wireless network, such as the ones at Starbucks. What I'm wondering is whether it's a good idea to log into vital sites (email, bank accounts, etc...) and send login credentials through the air. Am I okay as long as I have the pad lock icon in my web browser or at least am in more or less the same risk as when connected to a large hubbed network? Am I getting this right?

 

[spidey07]

I sure as heck wouldn't.

But yes, if you have that little lock and you check the credentials of the server your data is encrypted and cannot be read.

everybody can still see/hear/capture/inspect your data. They just can't understand it.

 

[spyordie007]

But yes, if you have that little lock and you check the credentials of the server your data is encrypted and cannot be read.

Unless of course the wireless network operator has malicious intent and runs their own dns server and website in fun phishing scams.

Yes you could still verify the certificate (assuming it's all SSL); but if you're not very careful they could easily get you through social engineering. :roll:

 

[FreshPrince]

I'd like to introduce you to fake AP's

hackers now will go into starbucks and make their computers seem as the starbucks access point. you would go through them and not even know it if you aren't careful...

what does this mean? well, they can send you to a fake banking site that looks just like the real one, but since you didn't check, you wouldn't know the difference. Then all they have to do is wait for you to type in your username and password and capture that information for later use. They can log into your banking account and do whatever they wish. this example can be mirrorred for any purpose, but the most common one is to mimic the starbucks AP portal, because everyone will go there first to either logon to pay for the the wireless hotspot internet. If you just logon, they now have your starbucks ID. they can have free internet anytime they want now. If you pay to get the hotspot internet, they now have your credit card info and can use that to go on a shopping spree. All you will see after you put your password or pay is an error page, which you will then talk with the starbucks employee..but by that time, they already have your CC info or your password.

So, bottom line is, I would not do anything critical on a wireless network, it's too risky.

 

[duke]

Thank all of you guys. :beer: I have to now look into this fake AP hack. Thanks!