Unsecured wifi


Postby musbane » Sun Apr 28, 2013 11:11 pm

So, I'm sitting here in southern Baja (east cape) wanting to access my Fidelity account to see how long I can keep doing this.

We are in a rental house.

There are like five houses here sharing an unsecured wifi connection.

My wife says that if I access our fido account, we run the risk of losing all our money.

True?
musbane
 
Posts: 334
Joined: Sun Oct 26, 2008 12:14 pm

Re: Unsecured wifi

Postby cheese_breath » Sun Apr 28, 2013 11:37 pm

If your wifi is unsecured that means it is not secure. DUH. It is possible for others to intercept your unencrypted transmissions and possibly, depending on your computer's security software settings, also hack into your computer. I wouldn't want to transmit any sensitive data such as Fidelity account number over an unsecured network.
The surest way to know the future is when it's the past.
cheese_breath
 
Posts: 3053
Joined: Wed Sep 14, 2011 8:08 pm

Re: Unsecured wifi

Postby Mel Lindauer » Sun Apr 28, 2013 11:37 pm

musbane wrote:So, I'm sitting here in southern Baja (east cape) wanting to access my Fidelity account to see how long I can keep doing this.

We are in a rental house.

There are like five houses here sharing an unsecured wifi connection.

My wife says that if I access our fido account, we run the risk of losing all our money.

True?


Obviously you're taking a huge risk that someone will capture your account information, including your password. Who knows what they might be able to do with that information. Personally, I wouldn't advise it. I carry my own secure mifi with me wherever I go just for that very reason.
Best Regards - Mel | | Semper Fi
Mel Lindauer
Moderator
 
Posts: 21983
Joined: Mon Feb 19, 2007 9:49 pm
Location: Daytona Beach Shores, Florida

Re: Unsecured wifi

Postby WendyW » Sun Apr 28, 2013 11:44 pm

Anything is theoretically possible.

In reality, I personally would go ahead.
I'd never heard of a case of criminals snooping on Wi-Fi to steal people's logins, nor known anybody that has experienced this.

If I made a list of bad things that might possibly happen to me during a stay in Mexico, this stolen password concern would not crack the top 100.
Last edited by WendyW on Mon Apr 29, 2013 12:01 am, edited 1 time in total.
WendyW
 
Posts: 338
Joined: Sat Dec 08, 2012 5:01 pm

Re: Unsecured wifi

Postby RebusCannébus » Sun Apr 28, 2013 11:53 pm

Invest in personal VPN software for a secure connection over an unsecured network.
Peter
RebusCannébus
 
Posts: 79
Joined: Sun Jan 02, 2011 2:34 pm

Re: Unsecured wifi

Postby skylar » Mon Apr 29, 2013 12:00 am

Despite not having link-layer encryption (for wifi this would be something like WPA2), Fidelity still makes you use application-layer encryption (for web applications this is generally HTTPS). HTTPS depends on public key cryptography, where one party has a private key that only they know that they use to encrypt the communication, and a public certificate that is based on that key that will be used to decrypt the communication and ensure that it was actually generated by the party it should have been.

In order to compromise your account information, someone would have to be able to hijack your connection to direct you to the wrong servers (this is definitely possible with unsecured wifi), and have access to Fidelity's private key (obviously Fidelity would protect this like the crown jewels) in order to make your browser think it was talking to someone else. If this were to occur, any properly-configured browser will pop up a big warning that says the communication isn't to be trusted. Unless you force the browser to trust it anyways and give that compromised site your password, you'll be fine.
Last edited by skylar on Mon Apr 29, 2013 12:01 am, edited 1 time in total.
skylar
 
Posts: 186
Joined: Sat Oct 04, 2008 12:28 pm

Re: Unsecured wifi

Postby tfb » Mon Apr 29, 2013 12:01 am

Fidelity uses SSL. A properly established SSL connection is secure over unsecured wifi. See

Is https traffic over an unencrypted wireless network secure?
Harry Sit, taking a break from the forums.
tfb
 
Posts: 6675
Joined: Mon Feb 19, 2007 6:46 pm

Re: Unsecured wifi

Postby allwin » Mon Apr 29, 2013 12:27 am

Agree with others, you should be OK using an open wifi as long as you are using an SSL connection (i.e. the website where you enter your password begins with https). Things you should be aware of when on open wifi:

1) Make sure that you only use https://... websites whenever you are entering any sensitive information (passwords, credit card numbers etc.). Double check your browser to see that there is a lock symbol and there are no warnings. (Different browsers use different icons/messages -- Chrome shows a green lock right next to the URL). Check the link that tfb posted for more info.
2) If you are using any website without an "https://" url, do assume that potentially anyone [on your network] can read what you can read on the page (emails etc).
3) Even if you are using https, anyone can see which websites (URLs) you are visiting.

Some of these things are true even if you are using secured wifi, but the risk of someone actually harming you goes up a lot more with unsecured wifi. I tend to avoid accessing anything sensitive over unsecured wifi and if I do, I usually establish a secure VPN connection first (check out the link RebusCannebus posted).
allwin
 
Posts: 62
Joined: Mon Jul 07, 2008 4:36 am
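
An added example, not part of allwin's post: it shows what an HTTPS connection still exposes to others on an open network. The host name travels unencrypted in the TLS ClientHello (the SNI extension), while the path, page contents and password are sent only after the handshake, encrypted. The sample ClientHello and the host name `www.example-broker.test` are constructed for illustration.

```python
import struct


class Cursor:
    """Bounds-checked reader; raises ValueError instead of reading past the end."""

    def __init__(self, data: bytes):
        self.data = data
        self.pos = 0

    def take(self, n: int) -> bytes:
        if self.pos + n > len(self.data):
            raise ValueError("truncated TLS message")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def uint(self, size: int) -> int:
        return int.from_bytes(self.take(size), "big")

    def vector(self, len_size: int) -> "Cursor":
        """Read a length-prefixed field and return a cursor over its contents."""
        return Cursor(self.take(self.uint(len_size)))

    def remaining(self) -> int:
        return len(self.data) - self.pos


def extract_sni(record: bytes):
    """Return the host name a TLS ClientHello carries in cleartext, or None."""
    rec = Cursor(record)
    if rec.uint(1) != 0x16:            # record type 22 = handshake
        return None
    rec.take(2)                        # legacy record version
    handshake = rec.vector(2)
    if handshake.uint(1) != 0x01:      # handshake type 1 = ClientHello
        return None
    hello = handshake.vector(3)
    hello.take(2 + 32)                 # client version + random
    hello.vector(1)                    # session id
    hello.vector(2)                    # cipher suites
    hello.vector(1)                    # compression methods
    if hello.remaining() == 0:
        return None                    # ClientHello without extensions
    extensions = hello.vector(2)
    while extensions.remaining():
        ext_type = extensions.uint(2)
        ext_body = extensions.vector(2)
        if ext_type != 0:              # 0 = server_name (RFC 6066)
            continue
        names = ext_body.vector(2)
        while names.remaining():
            name_type = names.uint(1)
            name = names.vector(2)
            if name_type == 0:         # 0 = host_name
                return name.data.decode("ascii", errors="replace")
    return None


def build_sample_client_hello(hostname: str) -> bytes:
    """Constructed sample: a minimal ClientHello with a single SNI extension."""
    name = hostname.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name
    sni = struct.pack("!H", len(entry)) + entry
    extensions = struct.pack("!HH", 0, len(sni)) + sni
    body = (
        b"\x03\x03" + bytes(32)        # version, random (all zeros: sample only)
        + b"\x00"                      # empty session id
        + b"\x00\x02\x13\x01"          # one cipher suite
        + b"\x01\x00"                  # null compression
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    sample = build_sample_client_hello("www.example-broker.test")
    print("visible on the network:", extract_sni(sample))
```
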

Re: Unsecured wifi

Postby stan1 » Mon Apr 29, 2013 12:35 am

musbane wrote:So, I'm sitting here in southern Baja (east cape) wanting to access my Fidelity account to see how long I can keep doing this.

We are in a rental house.

There are like five houses here sharing an unsecured wifi connection.

My wife says that if I access our fido account, we run the risk of losing all our money.

True?


I'm with your wife -- but not due to WiFi security. Not a good idea to decide if you can retire while you are on vacation. Enjoy your time off, come back home, and think through it. If you aren't careful you'll put money down on a condo or timeshare before you leave!
stan1
 
Posts: 3424
Joined: Mon Oct 08, 2007 5:35 pm

Re: Unsecured wifi

Postby NOLA » Mon Apr 29, 2013 12:43 am

Good question. Now, if someone were to steal your information (no matter how it is done), can Fidelity or Vanguard be responsible to pay back money that has been stolen? Kind of like if someone hacks your credit card and uses it?
NOLA
 
Posts: 185
Joined: Sun Jul 10, 2011 2:23 pm

Re: Unsecured wifi

Postby longview » Mon Apr 29, 2013 5:52 am

Go over cell. Use your phone app. (or 3g tablet or whatever).
(To color my comments: my situation is ER trying to make a large portfolio that is 99% taxable last 45 years)
longview
 
Posts: 350
Joined: Wed Mar 19, 2008 6:26 am

Re: Unsecured wifi

Postby Rob5TCP » Mon Apr 29, 2013 9:19 am

While not likely, a man in the middle attack could intercept and give you a false security "lock".
This is from another Vanguard post on passwords.

http://mason.gmu.edu/~msherif/isa564/pr ... strip2.pdf

As stated, make sure your browser begins with HTTPS.

For Chrome, I use KB SSL enforcer which will force the site to HTTPS if that is available. Not perfect, but
it will help prevent the above attack.

https://chrome.google.com/webstore/deta ... ckof?hl=en
Rob5TCP
 
Posts: 1861
Joined: Tue Jun 05, 2007 8:34 pm
Location: New York, NY
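
An added example, not part of Rob5TCP's post and not the extension's code: a minimal sketch of the "force the site to HTTPS" idea, generalized to the Strict-Transport-Security (HSTS, RFC 6797) mechanism browsers use to refuse a downgrade to plain HTTP. The class and function names and the `example-broker.test` host are assumptions made for illustration; URLs with user info or IPv6 literals are not handled.

```python
import time
from urllib.parse import urlsplit, urlunsplit


def parse_hsts(value: str):
    """Parse a Strict-Transport-Security value.

    Returns (max_age_seconds, include_subdomains), or None when max-age is
    missing, repeated or malformed, in which case the header is ignored.
    """
    max_age = None
    include_subdomains = False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            arg = arg.strip().strip('"')
            if max_age is not None or not (arg.isascii() and arg.isdigit()):
                return None
            max_age = int(arg)
        elif name == "includesubdomains":
            include_subdomains = True
    if max_age is None:
        return None
    return max_age, include_subdomains


class HttpsEnforcer:
    """Remembers hosts that asked for HTTPS-only and upgrades http:// URLs."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._policies = {}  # host -> (expires_at, include_subdomains)

    def observe(self, url: str, headers: dict) -> bool:
        """Record the policy from a response; True if a policy was stored."""
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        # A header seen over plain HTTP is ignored: anyone on the network
        # path could have added or removed it.
        if parts.scheme != "https" or not host:
            return False
        value = next((v for k, v in headers.items()
                      if k.lower() == "strict-transport-security"), None)
        policy = parse_hsts(value) if value is not None else None
        if policy is None:
            return False
        max_age, include_subdomains = policy
        if max_age == 0:                 # the site withdraws its policy
            self._policies.pop(host, None)
            return False
        self._policies[host] = (self._clock() + max_age, include_subdomains)
        return True

    def _must_use_https(self, host: str) -> bool:
        labels = host.split(".")
        for i in range(len(labels)):     # the host itself, then each parent
            candidate = ".".join(labels[i:])
            policy = self._policies.get(candidate)
            if policy is None:
                continue
            expires_at, include_subdomains = policy
            if expires_at <= self._clock():
                del self._policies[candidate]
                continue
            if i == 0 or include_subdomains:
                return True
        return False

    def upgrade(self, url: str) -> str:
        """Rewrite http:// to https:// for hosts with a live policy."""
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme != "http" or not self._must_use_https(host):
            return url
        # An explicit port 80 becomes the HTTPS default; other ports are kept.
        netloc = host if parts.port in (None, 80) else f"{host}:{parts.port}"
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))
```

The policy is only learned from an earlier HTTPS response, so a first visit made over plain HTTP is not upgraded.
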

Re: Unsecured wifi

Postby Toons » Mon Apr 29, 2013 9:21 am

WendyW wrote:Anything is theoretically possible.

In reality, I personally would go ahead.
I'd never heard of a case of criminals snooping on Wi-Fi to steal people's logins, nor known anybody that has experienced this.

If I made a list of bad things that might possibly happen to me during a stay in Mexico, this stolen password concern would not crack the top 100.


+1 :happy
"One does not accumulate but eliminate. It is not daily increase but daily decrease. The height of cultivation always runs to simplicity" –Bruce Lee
Toons
 
Posts: 4133
Joined: Fri Nov 21, 2008 11:20 am
Location: Hills of Tennessee

Re: Unsecured wifi

Postby nisiprius » Mon Apr 29, 2013 9:53 am

Belt-and-suspenders approach. I don't really believe people can steal my password etc. over an https: connection, AND I don't access my financial accounts over wi-fi. Not even in my own home, where my router is supposedly secure. It shows a little lock symbol next to it and I need to tell guests a password, anyway.

I think the big protection is the way brokerage accounts are set up, or at least mine have been. It's not like PayPal or a bank bill-pay option where you can log on and have them transfer money or mail a check to a third party. All you can do from my Vanguard account, and I think my Fidelity account was the same, is to move money between that account and my own bank account. Linking a bank account to a Vanguard account---is a slow transaction taking hundreds of millions of milliseconds, and the delivery of physical paper to a geographical address in meatspace. One can concoct movie-script scenarios, Thomas Crown Affair stuff, masterminds and accomplices and staking out my house at 123 Main Street, Gopher Prairie, Winnemac, in order to tweeze an envelope out of a mailbox, but it's all reasonably unlikely.

Let's say someone does get into my Vanguard account. What, exactly, are they going to do? Change my asset allocation? Liquidate all my holdings and send the cash to my bank account for the sheer mischief of it? (Yes, someone did once talk about penny stock manipulators buying a stock cheap and then driving it up by getting stolen accounts to buy huge quantities...)

I think the bad guys currently can make money much more easily stealing credit card numbers in bulk and using them for a couple of days, than by high-stakes mastermind maneuvers on brokerage accounts.

P.S. If you really want to feel paranoid, read up on TEMPEST and stray signals and so forth. The keyboard itself emits electrical signals that can be detected at a distance... forget putting tinfoil on your head, but wrap some copper mesh around your keyboard!
Annual income twenty pounds, annual expenditure nineteen nineteen and six, result happiness; Annual income twenty pounds, annual expenditure twenty pounds ought and six, result misery.
nisiprius
Advisory Board
 
Posts: 25254
Joined: Thu Jul 26, 2007 10:33 am
Location: The terrestrial, globular, planetary hunk of matter, flattened at the poles, is my abode.--O. Henry

Re: Unsecured wifi

Postby ResearchMed » Mon Apr 29, 2013 10:06 am

nisiprius wrote: Let's say someone does get into my Vanguard account. What, exactly, are they going to do? Change my asset allocation? Liquidate all my holdings and send the cash to my bank account for the sheer mischief of it? (Yes, someone did once talk about penny stock manipulators buying a stock cheap and then driving it up by getting stolen accounts to buy huge quantities...)


And if you've got your money in an IRA, "removing" the money isn't a quick online process even if it's "you".
And if it's in a 401k/403b and you haven't separated, in most cases even YOU can't take the money out, so good luck to the would-be nefarious types.

We've joked about just this thing: "What are they going to do anyway, change the mutual funds?"

Nevertheless, we use what we "think" is more secure than shared non-secure WiFi, such as an AT&T USB device or just the iPhone set as WiFi (for several devices at once - handy!)

nisiprius wrote: P.S. If you really want to feel paranoid, read up on TEMPEST and stray signals and so forth. The keyboard itself emits electrical signals that can be detected at a distance... forget putting tinfoil on your head, but wrap some copper mesh around your keyboard!


Thanks a LOT Nisiprius! One more thing to put on the "what to worry about list" :shock:
Do I need to sit inside the mesh cage, too, or just stick my arms in copper-coated gloves inside, like in a Grade 4 Bio Lab, etc.?
:wink:

RM
ResearchMed
 
Posts: 1406
Joined: Sat Dec 27, 2008 12:25 am

Re: Unsecured wifi

Postby Blues » Mon Apr 29, 2013 10:14 am

P.S. If you really want to feel paranoid, read up on TEMPEST and stray signals and so forth. The keyboard itself emits electrical signals that can be detected at a distance... forget putting tinfoil on your head, but wrap some copper mesh around your keyboard!


Somewhere deep within the bowels of Casa Nisiprius...

Image
“Tactics without strategy is the noise before defeat.” - Sun Tzu | "Everybody has a plan until they get punched in the mouth." - Mike Tyson
Blues
 
Posts: 1229
Joined: Wed Dec 10, 2008 12:58 pm

Re: Unsecured wifi

Postby cheese_breath » Mon Apr 29, 2013 10:19 am

In spite of the previous comments I feel it's better to be safe than sorry. About a year ago they had a spot on the local TV news where a reporter was in the airport with a computer security expert. The computer guy was sitting there with his laptop open highlighting various user connections on the airport's unsecured wifi and remarking on how easy it would be for him to hack into them if he wanted. He didn't want to, but what about people with possibly more malicious intents.
The surest way to know the future is when it's the past.
cheese_breath
 
Posts: 3053
Joined: Wed Sep 14, 2011 8:08 pm

Re: Unsecured wifi

Postby whomever » Mon Apr 29, 2013 12:05 pm

Do I need to sit inside the mesh cage, too, or just stick my arms in copper-coated gloves inside, like in a Grade 4 Bio Lab, etc.?
:wink:


You'll know you have enough shielding when you can't get a wifi signal :-)
whomever
 
Posts: 189
Joined: Sat Apr 21, 2012 6:21 pm

Re: Unsecured wifi

Postby chaz » Mon Apr 29, 2013 12:20 pm

Blues wrote:
P.S. If you really want to feel paranoid, read up on TEMPEST and stray signals and so forth. The keyboard itself emits electrical signals that can be detected at a distance... forget putting tinfoil on your head, but wrap some copper mesh around your keyboard!


Somewhere deep within the bowels of Casa Nisiprius...

Image

How did you get a pic inside Casa Nisiprius?
Chaz | | “Money is better than poverty, if only for financial reasons." Woody Allen | | http://www.bogleheads.org/wiki/index.php/Main_Page
chaz
 
Posts: 13121
Joined: Tue Feb 27, 2007 3:44 pm

Re: Unsecured wifi

Postby Blues » Mon Apr 29, 2013 12:25 pm

chaz wrote:
Blues wrote:
P.S. If you really want to feel paranoid, read up on TEMPEST and stray signals and so forth. The keyboard itself emits electrical signals that can be detected at a distance... forget putting tinfoil on your head, but wrap some copper mesh around your keyboard!


Somewhere deep within the bowels of Casa Nisiprius...

Image

How did you get a pic inside Casa Nisiprius?


I used to work for the government...'nuff said. :wink:
“Tactics without strategy is the noise before defeat.” - Sun Tzu | "Everybody has a plan until they get punched in the mouth." - Mike Tyson
Blues
 
Posts: 1229
Joined: Wed Dec 10, 2008 12:58 pm

Re: Unsecured wifi

Postby Sidney » Mon Apr 29, 2013 12:25 pm

How did you get a pic inside Casa Nisiprius?

Hacked his webcam.
I always wanted to be a procrastinator.
Sidney
 
Posts: 5693
Joined: Thu Mar 08, 2007 7:06 pm

Re: Unsecured wifi

Postby Novine » Mon Apr 29, 2013 12:29 pm

"In spite of the previous comments I feel it's better to be safe than sorry. About a year ago they had a spot on the local TV news where a reporter was in the airport with a computer security expert. The computer guy was sitting there with his laptop open highlighting various user connections on the airport's unsecured wifi and remarking on how easy it would be for him to hack into them if he wanted. He didn't want to, but what about people with possibly more malicious intents."

This is a different issue than the OP's question. Hacking your laptop or mobile device over an unsecured WiFi connection is a legitimate concern. But you secure it in different ways than you do someone sniffing your browser traffic. If you have a Windows OS, at a minimum, you'll have file and print sharing turned off, your Windows firewall turned on and keep Windows and all your applications current with the latest security patches. There's much more you can do depending on how important the data you have on your laptop/mobile device is and how badly you need to keep it secured.
Novine
 
Posts: 770
Joined: Mon Nov 17, 2008 10:07 pm

Re: Unsecured wifi

Postby Sidney » Mon Apr 29, 2013 12:40 pm

Novine wrote:"In spite of the previous comments I feel it's better to be safe than sorry. About a year ago they had a spot on the local TV news where a reporter was in the airport with a computer security expert. The computer guy was sitting there with his laptop open highlighting various user connections on the airport's unsecured wifi and remarking on how easy it would be for him to hack into them if he wanted. He didn't want to, but what about people with possibly more malicious intents."

This is a different issue than the OP's question. Hacking your laptop or mobile device over an unsecured WiFi connection is a legitimate concern. But you secure it in different ways than you do someone sniffing your browser traffic. If you have a Windows OS, at a minimum, you'll have file and print sharing turned off, your Windows firewall turned on and keep Windows and all your applications current with the latest security patches. There's much more you can do depending on how important the data you have on your laptop/mobile device is and how badly you need to keep it secured.

Agree. If it is something quick, I use a dedicated Windows user that has very limited rights on the machine. If it is something more substantial, I use a bootable Linux flash drive.
I always wanted to be a procrastinator.
Sidney
 
Posts: 5693
Joined: Thu Mar 08, 2007 7:06 pm

Re: Unsecured wifi

Postby otbricki » Mon Apr 29, 2013 1:36 pm

It's a question of how much you trust your computer expertise. Once you have an SSL session established you should be ok. The vulnerability that is present is the possibility you could be fooled by a malicious network into believing you have an SSL connection when you don't.

So if you are going to try such a thing learn the signs that indicate a spoofing attempt is in progress and install plugins that help you detect without a doubt the presence of an SSL connection.
otbricki
 
Posts: 102
Joined: Mon Apr 08, 2013 2:28 pm

Re: Unsecured wifi

Postby musbane » Mon Apr 29, 2013 2:16 pm

Well, thank you all for the advice.

It seems that if I know what I am doing there is little risk.

But I DON'T know what I am doing and the downside of even a small risk is so bad...

So I guess I'll have to do what my wife says (why does it always... oh never mind).

The heck with it, I'm going fishing.
musbane
 
Posts: 334
Joined: Sun Oct 26, 2008 12:14 pm

Re: Unsecured wifi

Postby cheese_breath » Mon Apr 29, 2013 3:47 pm

musbane wrote:So I guess I'll have to do what my wife says.

That's a good husband. It's always best to do what the wife says. :wink:
The surest way to know the future is when it's the past.
cheese_breath
 
Posts: 3053
Joined: Wed Sep 14, 2011 8:08 pm

Re: Unsecured wifi

Postby chaz » Mon Apr 29, 2013 4:05 pm

cheese_breath wrote:
musbane wrote:So I guess I'll have to do what my wife says.

That's a good husband. It's always best to do what the wife says. :wink:

A happy wife leads to a happy life.
Chaz | | “Money is better than poverty, if only for financial reasons." Woody Allen | | http://www.bogleheads.org/wiki/index.php/Main_Page
chaz
 
Posts: 13121
Joined: Tue Feb 27, 2007 3:44 pm

Re: Unsecured wifi

Postby debtroundup » Mon Apr 29, 2013 6:53 pm

You can use unsecured wireless and you should be ok as long as you don't have any malware on your machine. If there is something like a keystroke logger, then you could be in trouble, but I think you will be ok. As long as you have security software on your machine, then I would go ahead and do it.
debtroundup
 
Posts: 2
Joined: Mon Apr 29, 2013 6:48 pm

Re: Unsecured wifi

Postby ogd » Mon Apr 29, 2013 8:30 pm

musbane,

If you access the site over HTTPS and you pay attention to the lock icon, you will be okay even over unsecured wifi. Breaking the HTTPS trust/encryption chain is one of the hardest avenues of attack that I can think of, it was designed for unsecured links and still pretty good at it after all these years. To make sure you're using https and the website is spelled properly (the URL is part of the chain of trust), I suggest typing https://fidelity.com manually or using a bookmark.

Oddly enough, it's the normal surfing that you should be most afraid of. It's much easier for an attacker to inject malware over a plain http link to some news website, then later on grab your Fido password with a keylogger. The second part can occur even when you're back home, secure Wifi or not doesn't make a difference. So keeping your eyes open and your computer secure is the most important thing.
ogd
 
Posts: 2199
Joined: Fri Jun 15, 2012 12:43 am

Re: Unsecured wifi

Postby Calm Man » Mon Apr 29, 2013 9:14 pm

I agree with an earlier poster that if I were in Mexico (which I never again would having been there on "vacation" once) a wifi steal would be of less concern to me than being killed or kidnapped! But presuming you survive intact, why is it so essential for your wife to check her Fidelity account for the few days you are on vacation? And I am not tech savvy, but you are in an area of thieves and I wouldn't use an unsecured or even secured network.
Calm Man
 
Posts: 2691
Joined: Wed Sep 19, 2012 10:35 am

Re: Unsecured wifi

Postby genjix » Tue Apr 30, 2013 1:51 pm

I would NEVER do banking on a shared wireless network. Someone can easily be on that network running wireshark on their laptop sniffing and capturing passwords very very easily. Secure SSL has no protection if the person sniffing the traffic is on the same side of the firewall as you. It's like having a moat around your house but the burglar is on the same side of the moat as you. Only in internet world he can easily get out too. It would be safer using cell phone on 4G or whatever they have there.

They can also easily do a silent install keystroke recorder over the network on to your computer, and not only are you now in danger while you're on that wifi, but even when you go home in the safety of your own network because the program now lives on your computer.
genjix
 
Posts: 153
Joined: Sat Mar 12, 2011 3:51 pm

Re: Unsecured wifi

Postby ogd » Tue Apr 30, 2013 2:07 pm

genjix wrote:Secure SSL has no protection if the person sniffing the traffic is on the same side of the firewall as you.


Yes, it does. SSL traffic is secure as soon as it leaves the browser. If the browser/OS is not compromised, you're fine.

genjix wrote:They can also easily do a silent install keystroke recorder over the network on to your computer, and not only are you now in danger while you're on that wifi, but even when you go home in the safety of your own network because the program now lives on your computer.


This is true irrespective of whether you bank or not over the insecure connection. In fact, surfing non-https probably makes breaking into your computer slightly easier.
ogd
 
Posts: 2199
Joined: Fri Jun 15, 2012 12:43 am

Re: Unsecured wifi

Postby jebmke » Tue Apr 30, 2013 2:08 pm

Chase has issued some guidance on this:

http://www.theonion.com/articles/after- ... ne:default

when you’re finished with your online banking session, we recommend three simple steps to protect your personal information: log out of your account, close your web browser, and then charter a seafaring vessel to take you 30 miles out into the open ocean and throw your computer overboard.


Many customers ask us if it’s safe to check their bank account at a WiFi hotspot, and while we encourage you to avoid entering your password on public networks, there are simple steps you can take to limit the possibility of compromising your data. For one, disconnect from the hotspot as soon as you finish your session. Two, go into your browser’s settings and click “Delete Cookies.” Three, rip all the wiring from the establishment’s walls and ceilings. Four, douse the premises in gasoline or acetone and set it on fire. And five, immediately reset your password upon returning to a secure network. That’s it!
When you discover that you are riding a dead horse, the best strategy is to dismount.
jebmke
 
Posts: 2808
Joined: Thu Apr 05, 2007 3:44 pm

Re: Unsecured wifi

Postby chaz » Tue Apr 30, 2013 2:22 pm

jebmke wrote:Chase has issued some guidance on this:

http://www.theonion.com/articles/after- ... ne:default

when you’re finished with your online banking session, we recommend three simple steps to protect your personal information: log out of your account, close your web browser, and then charter a seafaring vessel to take you 30 miles out into the open ocean and throw your computer overboard.


Many customers ask us if it’s safe to check their bank account at a WiFi hotspot, and while we encourage you to avoid entering your password on public networks, there are simple steps you can take to limit the possibility of compromising your data. For one, disconnect from the hotspot as soon as you finish your session. Two, go into your browser’s settings and click “Delete Cookies.” Three, rip all the wiring from the establishment’s walls and ceilings. Four, douse the premises in gasoline or acetone and set it on fire. And five, immediately reset your password upon returning to a secure network. That’s it!

Those words were written by a security expert, not by a Chase employee.
Chaz | | “Money is better than poverty, if only for financial reasons." Woody Allen | | http://www.bogleheads.org/wiki/index.php/Main_Page
chaz
 
Posts: 13121
Joined: Tue Feb 27, 2007 3:44 pm

Re: Unsecured wifi

Postby musbane » Tue Apr 30, 2013 10:55 pm

I seem to have given some wrong impressions. Sorry. I'm really, really lazy.

1. I'm not on vacation. I'm 65 and have been retired for a dozen years.

2. No pension, no annuity, no social security till 70, no other income.

3. Been in Baja for about 5 months now without accessing my finances. So I'm interested in how we're doing.
As a Boglehead, I know that I've set it and should forget it, but 5 months is tough.

4. I know about the news reports you all get but I feel safer than I would in most parts of the US.
I think Baja Sur is different.

5. I seriously thank all of you. I don't know where on Earth I could get such good honest advice. Even if I don't understand all of it, my wife does.

6. I really am going fishing tomorrow at dawn. I'll let you know how it works out. :wink:
musbane
 
Posts: 334
Joined: Sun Oct 26, 2008 12:14 pm

Re: Unsecured wifi

Postby dziuniek » Thu May 02, 2013 1:51 pm

I wouldn't do it.

Just because a website uses SSL, that only covers one potential risk.
If someone gains control of your PC, they can simply install a key-logger, which in turn will capture every key pressed...

For Example:

www.fidelity.com

username

password

etc...

So say you get online to check your bank, investments, 401k, your return flight info.
Watch your accounts dwindle while you're on the flight back.

Just one nightmare scenario. :)
dziuniek
 
Posts: 62
Joined: Mon Jul 23, 2012 3:54 pm

Re: Unsecured wifi

Postby 22twain » Thu May 02, 2013 4:40 pm

jebmke wrote:Chase has issued some guidance on this:

http://www.theonion.com/articles/after- ... ne:default

when you’re finished with your online banking session, we recommend three simple steps to protect your personal information: log out of your account, close your web browser, and then charter a seafaring vessel to take you 30 miles out into the open ocean and throw your computer overboard.


But that leaves you vulnerable to phishing!
22twain
 
Posts: 498
Joined: Thu May 10, 2012 6:42 pm

Re: Unsecured wifi

Postby ResearchMed » Thu May 02, 2013 4:50 pm

22twain wrote:
jebmke wrote:Chase has issued some guidance on this:

http://www.theonion.com/articles/after- ... ne:default

when you’re finished with your online banking session, we recommend three simple steps to protect your personal information: log out of your account, close your web browser, and then charter a seafaring vessel to take you 30 miles out into the open ocean and throw your computer overboard.


But that leaves you vulnerable to phishing!


GOOD ONE! :D
ResearchMed
 
Posts: 1406
Joined: Sat Dec 27, 2008 12:25 am

Re: Unsecured wifi

Postby Mel Lindauer » Thu May 02, 2013 5:04 pm

ResearchMed wrote:
22twain wrote:
jebmke wrote:Chase has issued some guidance on this:

http://www.theonion.com/articles/after- ... ne:default

when you’re finished with your online banking session, we recommend three simple steps to protect your personal information: log out of your account, close your web browser, and then charter a seafaring vessel to take you 30 miles out into the open ocean and throw your computer overboard.


But that leaves you vulnerable to phishing!


GOOD ONE! :D


Yes, definitely very cute and clever!
Best Regards - Mel | | Semper Fi
Mel Lindauer
Moderator
 
Posts: 21983
Joined: Mon Feb 19, 2007 9:49 pm
Location: Daytona Beach Shores, Florida

Re: Unsecured wifi

Postby frugaltype » Thu May 02, 2013 5:11 pm

musbane wrote:3. Been in Baja for about 5 months now without accessing my finances. So I'm interested in how we're doing.


Five months! and no data. I'd go nuts. Can you phone in and get your account information by voice? I haven't used phone access to a financial institution in I forget how long, but maybe they do that.
frugaltype
 
Posts: 1952
Joined: Wed Apr 24, 2013 10:07 am

Re: Unsecured wifi

Postby bluemarlin08 » Thu May 02, 2013 5:51 pm

Initially, my router was setup using unsecured. How can I change that?
bluemarlin08
 
Posts: 1483
Joined: Wed Aug 29, 2007 1:18 pm

Re: Unsecured wifi

Postby Bill Bernstein » Thu May 02, 2013 9:41 pm

One more layer of protection if you're on a public network, a real Boglehead move: buy yourself a cheap used reliable Laptop (Thinkpad X40s are my faves) and install and learn how to use Linux. Lubuntu is fast, simple, feels almost like Windows, and no one in their right mind writes malware for it.

Bill
Bill Bernstein
 
Posts: 426
Joined: Sat Jun 23, 2007 1:47 am

Re: Unsecured wifi

Postby LadyGeek » Thu May 02, 2013 9:58 pm

This thread is now in the Personal Consumer Issues forum (computer security).

No one has mentioned the 2nd half of the equation - protecting the data on your laptop (PC). OK, you go out to the middle of the ocean and throw the laptop overboard. Done deal? Nope. You weren't counting on a scuba diver retrieving it before the salt water scuttled it (or extracts the hard drive). Not to mention someone stealing it out of your rental house.

Encrypt your sensitive data. Always. I highly recommend TrueCrypt, just search this forum: truecrypt - Google Search

It works in Linux, Windows, and Mac. The same TrueCrypt file can be shared among any OS - I share my TrueCrypt file between Linux and Win 7.
To some, the glass is half full. To others, the glass is half empty. To an engineer, it's twice the size it needs to be.
LadyGeek
Site Admin
 
Posts: 18516
Joined: Sat Dec 20, 2008 6:34 pm
Location: Philadelphia

Re: Unsecured wifi

Postby Rob5TCP » Thu May 02, 2013 10:12 pm

LadyGeek wrote:This thread is now in the Personal Consumer Issues forum (computer security).

No one has mentioned the 2nd half of the equation - protecting the data on your laptop (PC). OK, you go out to the middle of the ocean and throw the laptop overboard. Done deal? Nope. You weren't counting on a scuba diver retrieving it before the salt water scuttled it (or extracts the hard drive). Not to mention someone stealing it out of your rental house.

Encrypt your sensitive data. Always. I highly recommend TrueCrypt, just search this forum: truecrypt - Google Search

It works in Linux, Windows, and Mac. The same TrueCrypt file can be shared among any OS - I share my TrueCrypt file between Linux and Win 7.



I use TrueCrypt for all critical files on my flash drive. The one concern I have: they have not updated TrueCrypt in 15 months and even the website has not been touched in 3 months. I would rather pay and know the company or shareware group will be around to continue supporting.
Rob5TCP
 
Posts: 1861
Joined: Tue Jun 05, 2007 8:34 pm
Location: New York, NY

Re: Unsecured wifi

Postby frugaltype » Fri May 03, 2013 7:11 am

LadyGeek wrote:No one has mentioned the 2nd half of the equation - protecting the data on your laptop (PC). OK, you go out to the middle of the ocean and throw the laptop overboard. Done deal? Nope. You weren't counting on a scuba diver retrieving it before the salt water scuttled it (or extracting the hard drive). Not to mention someone stealing it out of your rental house.


Just to note that when I have to discard a drive, I always mash it with a hammer first.
frugaltype
 
Posts: 1952
Joined: Wed Apr 24, 2013 10:07 am

Re: Unsecured wifi

Postby Equitius » Fri May 03, 2013 7:15 am

musbane wrote:So, i'm sitting here in southern Baja (east cape) wanting to access my fidelity account to see how long I can keep doing this.

We are in a rental house.

There are like five houses here sharing an unsecured wifi connection.

My wife says that if I access our fido account, we run the risk of losing all our money.

True?


While the connection itself can be sniffed, your connection to Fidelity undoubtedly uses SSL encryption, so all data to and from FIDO is safe, assuming your computer is itself not compromised and there is no man-in-the-middle attack, which is unlikely in this case, IMO.

Equitius
 
Posts: 32
Joined: Sat Apr 27, 2013 7:32 am

Re: Unsecured wifi

Postby Equitius » Fri May 03, 2013 7:21 am

Rob5TCP wrote:I use TrueCrypt for all critical files on my flash drive. The one concern I have: they have not updated TrueCrypt in 15 months and even the website has not been touched in 3 months. I would rather pay and know the company or shareware group will be around to continue supporting.


I have also used DiskCryptor, which is an open source partition encryption solution.

http://diskcryptor.net/wiki/Main_Page/en

To date, there has been no known comprehensive review of the source code by a qualified cryptographer of TrueCrypt. Thorough security code review and testing is hard, tedious, and painstaking work, and very few people have the skills to do it. There was, however, a functional evaluation of the deniability of hidden volumes in an earlier version of TrueCrypt by Schneier et al. that found security leaks. (See: http://yro.slashdot.org/story/08/07/17/ ... eniability.)
Equitius
 
Posts: 32
Joined: Sat Apr 27, 2013 7:32 am

Re: Unsecured wifi

Postby LadyGeek » Fri May 03, 2013 4:10 pm

To get somewhat back on track, my vacation spot has unsecured wi-fi. Never mind the question of why I have my laptop on vacation :wink:, but I have physical access to the router. I always bring an ethernet cable with me.

How long did it take me to hard-wire connect my laptop, find the default password (via google search online), access the admin login, and disable wireless access? 30 seconds. Add a few more seconds to change the default password.

I put everything back the way I found it when I left.
To some, the glass is half full. To others, the glass is half empty. To an engineer, it's twice the size it needs to be.
LadyGeek
Site Admin
 
Posts: 18516
Joined: Sat Dec 20, 2008 6:34 pm
Location: Philadelphia

Re: Unsecured wifi

Postby Sidney » Fri May 03, 2013 4:31 pm

LadyGeek wrote:
Encrypt your sensitive data. Always. I highly recommend TrueCrypt, just search this forum: truecrypt - Google Search

It works in Linux, Windows, and Mac. The same TrueCrypt file can be shared among any OS - I share my TrueCrypt file between Linux and Win 7.

I have used TC for about 4 years now. I keep the TC file on a separate OS partition. The TC file includes all my regular data plus the profile folders for my Thunderbird and Firefox apps. That way, if my laptop ends up somewhere in the wrong hands, even the bookmarks and emails are locked away. I keep my music files outside the TC file along with some decoy "data files" (I think this was your tip).
I always wanted to be a procrastinator.
Sidney
 
Posts: 5693
Joined: Thu Mar 08, 2007 7:06 pm

Re: Unsecured wifi

Postby johnubc » Fri May 03, 2013 4:54 pm

The misinformation here is surprising.

As long as you are using HTTPS, you will be ok wrt the username and password (as well as the data). Make sure that the site actually uses HTTPS for the login - most sites that use 'advanced' authentication will prompt for the password on a second web page, not on the initial page.
johnubc
 
Posts: 334
Joined: Wed Jan 06, 2010 7:54 am
