Unsecured wifi

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Topic Author
musbane
Posts: 393
Joined: Sun Oct 26, 2008 11:14 am

Unsecured wifi

Post by musbane »

So, i'm sitting here in southern Baja (east cape) wanting to access my fidelity account to see how long I can keep doing this.

We are in a rental house.

There are like five houses here sharing an unsecured wifi connection.

My wife says that if I access our fido account, we run the risk of losing all our money.

True?
User avatar
cheese_breath
Posts: 11769
Joined: Wed Sep 14, 2011 7:08 pm

Re: Unsecured wifi

Post by cheese_breath »

If your wfi is unsecured that means it is not secure. DUH. It is possible for others to intercept your unencrypted transmissions and possibly, depending on your computer's security software settings, also hack into your computer. I wouldn't want to transmit any sensitive data such as fidelity account number over an unsecured network.
The surest way to know the future is when it becomes the past.
User avatar
Mel Lindauer
Moderator
Posts: 35757
Joined: Mon Feb 19, 2007 7:49 pm
Location: Daytona Beach Shores, Florida
Contact:

Re: Unsecured wifi

Post by Mel Lindauer »

musbane wrote:So, i'm sitting here in southern Baja (east cape) wanting to access my fidelity account to see how long I can keep doing this.

We are in a rental house.

There are like five houses here sharing an unsecured wifi connection.

My wife says that if I access our fido account, we run the risk of losing all our money.

True?
Obviously you're taking a huge risk that someone will capture your account information, including your password. Who knows what they might be able to do with that information. Personally, I wouldn't advise it. I carry my own secure mifi with me wherever I go just for that very reason.
Best Regards - Mel | | Semper Fi
WendyW
Posts: 345
Joined: Sat Dec 08, 2012 3:01 pm

Re: Unsecured wifi

Post by WendyW »

Anything is theoretically possible.

In reality, I personally would go ahead.
I'd never heard of a case of criminals snooping on Wi-Fi to steal people's logins, nor known anybody that has experienced this.

If I made a list of bad things that might possibly happen to me during a stay in Mexico, this stolen password concern would not crack the top 100.
Last edited by WendyW on Sun Apr 28, 2013 11:01 pm, edited 1 time in total.
RebusCannébus
Posts: 100
Joined: Sun Jan 02, 2011 12:34 pm

Re: Unsecured wifi

Post by RebusCannébus »

Invest in personal VPN software for a secure connection over an unsecured network.
Peter
skylar
Posts: 314
Joined: Sat Oct 04, 2008 11:28 am

Re: Unsecured wifi

Post by skylar »

Despite not having link-layer encryption (for wifi this would be something like WPA2), Fidelity still makes you use application-layer encryption (for web applications this is generally HTTPS). HTTPS depends on public key cryptography, where one party has a private key that only they know that they use to encrypt the communication, and a public certificate that is based on that key that will be used to decrypt the communication and ensure that it was actually generated by the party it should have been.

In order to compromise your account information, someone would have to be able to hijack your connection to direct you to the wrong servers (this is definitely possible with unsecured wifi), and have access to Fidelity's private key (obviously Fidelity would protect this like the crown jewels) in order to make your browser think it was talking to someone else. If this were to occur, any properly-configured browser will pop up a big warning that says the communication isn't to be trusted. Unless you force the browser to trust it anyways and give that compromised site your password, you'll be fine.
Last edited by skylar on Sun Apr 28, 2013 11:01 pm, edited 1 time in total.
User avatar
tfb
Posts: 8397
Joined: Mon Feb 19, 2007 4:46 pm

Re: Unsecured wifi

Post by tfb »

Fidelity uses SSL. Properly established SSL connection is secure over unsecured wifi. See

Is https traffic over an unencrypted wireless network secure?
Harry Sit has left the forums.
User avatar
allwin
Posts: 115
Joined: Mon Jul 07, 2008 3:36 am

Re: Unsecured wifi

Post by allwin »

Agree with others, you should be OK using and open wifi as long as you are using SSL connection (i.e. the website where you enter you password begins with https). Things you should be aware of when on open wifi:

1) Make sure that you only use https://... websites whenever you are entering any sensitive information (passwords, credit card numbers etc.). Double check your browser to see that there is a lock symbol and there are no warnings. (Different browsers use different icons/messages -- Chrome shows a green lock right next to the URL). Check the link that tfb posted for more info.
2) If you are using any website without an "https://" url, do assume that potentially anyone [on your network] can read what you can read on the page (emails etc).
3) Even if you are using https, anyone can see which websites (URLs) you are visiting.

Some of these things are true even if you are using secured WIFI, but the risk of someone actually harming you go up a lot more with unsecured wifis. I tend to avoid accessing anything sensitive over unsecured wifi's and if I do, I usually establish a secure VPN connection first (check out the link RebusCannebus posted).
stan1
Posts: 14235
Joined: Mon Oct 08, 2007 4:35 pm

Re: Unsecured wifi

Post by stan1 »

musbane wrote:So, i'm sitting here in southern Baja (east cape) wanting to access my fidelity account to see how long I can keep doing this.

We are in a rental house.

There are like five houses here sharing an unsecured wifi connection.

My wife says that if I access our fido account, we run the risk of losing all our money.

True?
I'm with your wife -- but not due to WiFi security. Not a good idea to decide if you can retire while you are on vacation. Enjoy your time off, come back home, and think through it. If you aren't careful you'll put money down on a condo or timeshare before you leave!
Warning: I am about 80% satisficer (accepting of good enough) and 20% maximizer
NOLA
Posts: 373
Joined: Sun Jul 10, 2011 1:23 pm

Re: Unsecured wifi

Post by NOLA »

Good question. Now, if someone were to steal your information(no matter how it is done), can Fidelity or Vanguard be responsible to pay back money that has been stolen? Kind of like if someone hacks your credit card and uses it?
longview
Posts: 385
Joined: Wed Mar 19, 2008 5:26 am

Re: Unsecured wifi

Post by longview »

Go over cell. Use your phone app. (or 3g tablet or whatever).
(To color my comments: my situation is ER trying to make a large portfolio that is 99% taxable last 45 years)
User avatar
Rob5TCP
Posts: 3811
Joined: Tue Jun 05, 2007 7:34 pm
Location: New York, NY

Re: Unsecured wifi

Post by Rob5TCP »

While not likely, a man in the middle attack could intercept and give you a false security "lock" .
This is from another Vanguard post on passwords.

http://mason.gmu.edu/~msherif/isa564/pr ... strip2.pdf

As stated, make sure your browser begins with HTTPS.

For Chrome, I use KB SSL enforcer which will force the site to HTTPS if that is available. Not perfect, but
it will help prevent the above attack.

https://chrome.google.com/webstore/deta ... ckof?hl=en
User avatar
Toons
Posts: 14459
Joined: Fri Nov 21, 2008 9:20 am
Location: Hills of Tennessee

Re: Unsecured wifi

Post by Toons »

WendyW wrote:Anything is theoretically possible.

In reality, I personally would go ahead.
I'd never heard of a case of criminals snooping on Wi-Fi to steal people's logins, nor known anybody that has experienced this.

If I made a list of bad things that might possibly happen to me during a stay in Mexico, this stolen password concern would not crack the top 100.
+1 :happy
"One does not accumulate but eliminate. It is not daily increase but daily decrease. The height of cultivation always runs to simplicity" –Bruce Lee
User avatar
nisiprius
Advisory Board
Posts: 52105
Joined: Thu Jul 26, 2007 9:33 am
Location: The terrestrial, globular, planetary hunk of matter, flattened at the poles, is my abode.--O. Henry

Re: Unsecured wifi

Post by nisiprius »

Belt-and-suspenders approach. I don't really believe people can steal my password etc. over an https: connection, AND I don't access my financial accounts over wi-fi. Not even in my own home, where my router is supposedly secure. It shows a little lock symbol next to it and I need to tell guests a password, anyway.

I think the big protection is the way brokerage accounts are set up, or at least mine have been. It's not like PayPal or a bank bill-pay option where you can log on and have them transfer money or mail a check to a third party. All you can do from my Vanguard account, and I think my Fidelity account was the same, is to move money between that account and my own bank account. Linking a bank account to a Vanguard account---is a slow transaction taking taking hundreds of millions of milliseconds, and the delivery of physical paper to a geographical address in meatspace. One can concoct movie-script scenarios, Thomas Crown Affair stuff, masterminds and accomplices and staking out my house at 123 Main Street, Gopher Prairie, Winnemac, in order to tweeze an envelope out of a mailbox, but it's all reasonably unlikely.

Let's say someone does get into my Vanguard account. What, exactly, are they going to do? Change my asset allocation? Liquidate all my holdings and send the cash to my bank account for the sheer mischief of it? (Yes, someone did once talk about about penny stock manipulators buying a stock cheap and then driving it up by getting stolen accounts to buy huge quantities...)

I think the bad guys currently can make money much more easily stealing credit card numbers in bulk and using them for a couple of days, than by high-stakes mastermind maneuvers on brokerage accounts.

P.S. If you really want to feel paranoid, read up on TEMPEST and stray signals and so forth. The keyboard itself emits electrical signals that can be detected at a distance... forget putting tinfoil on your head, but wrap some copper mesh around your keyboard!
Annual income twenty pounds, annual expenditure nineteen nineteen and six, result happiness; Annual income twenty pounds, annual expenditure twenty pounds ought and six, result misery.
User avatar
ResearchMed
Posts: 16767
Joined: Fri Dec 26, 2008 10:25 pm

Re: Unsecured wifi

Post by ResearchMed »

nisiprius wrote: Let's say someone does get into my Vanguard account. What, exactly, are they going to do? Change my asset allocation? Liquidate all my holdings and send the cash to my bank account for the sheer mischief of it? (Yes, someone did once talk about about penny stock manipulators buying a stock cheap and then driving it up by getting stolen accounts to buy huge quantities...)
And if you've got your money in an IRA, "removing" the money isn't a quick online process even if it's "you".
And if it's in a 401k/403b and you haven't separated, in most cases even YOU can't take the money out, so good luck to the would-be nefarious types.

We've joked about just this thing: "What are they going to do anyway, change the mutual funds?"

Nevertheless, we use what we "think" is more secure than shared non-secure WiFi, such as an AT&T USB device or just the iPhone set as WiFi (for several devices at once - handy!)
nisiprius wrote: P.S. If you really want to feel paranoid, read up on TEMPEST and stray signals and so forth. The keyboard itself emits electrical signals that can be detected at a distance... forget putting tinfoil on your head, but wrap some copper mesh around your keyboard!
Thanks a LOT Nisiprius! One more thing to put on the "what to worry about list" :shock:
Do I need to sit inside the mesh cage, too, or just stick my arms in copper-coated gloves inside, like in a Grade 4 Bio Lab, etc.?
:wink:

RM
User avatar
Blues
Posts: 2500
Joined: Wed Dec 10, 2008 10:58 am
Location: Blue Ridge Mtns

Re: Unsecured wifi

Post by Blues »

P.S. If you really want to feel paranoid, read up on TEMPEST and stray signals and so forth. The keyboard itself emits electrical signals that can be detected at a distance... forget putting tinfoil on your head, but wrap some copper mesh around your keyboard!
Somewhere deep within the bowels of Casa Nisiprius...

Image
User avatar
cheese_breath
Posts: 11769
Joined: Wed Sep 14, 2011 7:08 pm

Re: Unsecured wifi

Post by cheese_breath »

In spite of the previous comments I feel it's better to be safe than sorry. About a year ago they had a spot on the local TV news where a reporter was in the airport with a computer security expert. The computer guy was sitting there with his laptop open highlighting various user connections on the airport's unsecured wifi and remarking on how easy it would be for him to hack into them if he wanted. He didn't want to, but what about people with possibly more malicious intents.
The surest way to know the future is when it becomes the past.
whomever
Posts: 1198
Joined: Sat Apr 21, 2012 5:21 pm

Re: Unsecured wifi

Post by whomever »

Do I need to sit inside the mesh cage, too, or just stick my arms in copper-coated gloves inside, like in a Grade 4 Bio Lab, etc.?
:wink:
You'll know you have enough shielding when you can't get a wifi signal :-)
chaz
Posts: 13604
Joined: Tue Feb 27, 2007 1:44 pm

Re: Unsecured wifi

Post by chaz »

Blues wrote:
P.S. If you really want to feel paranoid, read up on TEMPEST and stray signals and so forth. The keyboard itself emits electrical signals that can be detected at a distance... forget putting tinfoil on your head, but wrap some copper mesh around your keyboard!
Somewhere deep within the bowels of Casa Nisiprius...

Image
How did you get a pic inside Casa Nisiprius?
Chaz | | “Money is better than poverty, if only for financial reasons." Woody Allen | | http://www.bogleheads.org/wiki/index.php/Main_Page
User avatar
Blues
Posts: 2500
Joined: Wed Dec 10, 2008 10:58 am
Location: Blue Ridge Mtns

Re: Unsecured wifi

Post by Blues »

chaz wrote:
Blues wrote:
P.S. If you really want to feel paranoid, read up on TEMPEST and stray signals and so forth. The keyboard itself emits electrical signals that can be detected at a distance... forget putting tinfoil on your head, but wrap some copper mesh around your keyboard!
Somewhere deep within the bowels of Casa Nisiprius...

Image
How did you get a pic inside Casa Nisiprius?
I used to work for the government...'nuff said. :wink:
Sidney
Posts: 6784
Joined: Thu Mar 08, 2007 5:06 pm

Re: Unsecured wifi

Post by Sidney »

How did you get a pic inside Casa Nisiprius?
Hacked his webcam.
I always wanted to be a procrastinator.
Novine
Posts: 1240
Joined: Mon Nov 17, 2008 8:07 pm

Re: Unsecured wifi

Post by Novine »

"In spite of the previous comments I feel it's better to be safe than sorry. About a year ago they had a spot on the local TV news where a reporter was in the airport with a computer security expert. The computer guy was sitting there with his laptop open highlighting various user connections on the airport's unsecured wifi and remarking on how easy it would be for him to hack into them if he wanted. He didn't want to, but what about people with possibly more malicious intents."

This is a different issue than the OP's question. Hacking your laptop or mobile device over an unsecured WiFi connection is a legitimate concern. But you secure it in different ways than you do someone sniffing your browser traffic. If you have a Windows OS, at a minimum, you'll have file and print sharing turned off, your Windows firewall turned on and keep Windows and all your applications current with the latest security patches. There's much more you can do depending on how important the data you have on your laptop/mobile device is and how badly you need to keep it secured.
Sidney
Posts: 6784
Joined: Thu Mar 08, 2007 5:06 pm

Re: Unsecured wifi

Post by Sidney »

Novine wrote:"In spite of the previous comments I feel it's better to be safe than sorry. About a year ago they had a spot on the local TV news where a reporter was in the airport with a computer security expert. The computer guy was sitting there with his laptop open highlighting various user connections on the airport's unsecured wifi and remarking on how easy it would be for him to hack into them if he wanted. He didn't want to, but what about people with possibly more malicious intents."

This is a different issue than the OP's question. Hacking your laptop or mobile device over an unsecured WiFi connection is a legitimate concern. But you secure it in different ways than you do someone sniffing your browser traffic. If you have a Windows OS, at a minimum, you'll have file and print sharing turned off, your Windows firewall turned on and keep Windows and all your applications current with the latest security patches. There's much more you can do depending on how important the data you have on your laptop/mobile device is and how badly you need to keep it secured.
Agree. If it is something quick, I use a dedicated Windows user that has very limited rights on the machine. If it is something more substantial, I use a bootable Linux flash drive.
I always wanted to be a procrastinator.
otbricki
Posts: 102
Joined: Mon Apr 08, 2013 1:28 pm

Re: Unsecured wifi

Post by otbricki »

It's a question of how much you trust your computer expertise. Once you have an SSL session established you should be ok. The vulnerability that is present is the possibility you could be fooled by a malicious network into believing you have an SSL connection when you don't.

So if you are going to try such a thing learn the signs that indicate a spoofing attempt is in progress and install plugins that help you detect without a doubt the presence of an SSL connection.
Topic Author
musbane
Posts: 393
Joined: Sun Oct 26, 2008 11:14 am

Re: Unsecured wifi

Post by musbane »

Well, thank you all for the advice.

It seems that if I know what I am doing there is little risk.

But I DON'T know whai I am doing and the downside of even a small risk is so bad...

So I guess I'll have to do what my wife says (why does it always... oh never mind).

The heck with it, I'm going fishing.
User avatar
cheese_breath
Posts: 11769
Joined: Wed Sep 14, 2011 7:08 pm

Re: Unsecured wifi

Post by cheese_breath »

musbane wrote:So I guess I'll have to do what my wife says.
That's a good husband. It's always best to do what the wife says. :wink:
The surest way to know the future is when it becomes the past.
chaz
Posts: 13604
Joined: Tue Feb 27, 2007 1:44 pm

Re: Unsecured wifi

Post by chaz »

cheese_breath wrote:
musbane wrote:So I guess I'll have to do what my wife says.
That's a good husband. It's always best to do what the wife says. :wink:
A happy wife leads to a happy life.
Chaz | | “Money is better than poverty, if only for financial reasons." Woody Allen | | http://www.bogleheads.org/wiki/index.php/Main_Page
debtroundup
Posts: 2
Joined: Mon Apr 29, 2013 5:48 pm

Re: Unsecured wifi

Post by debtroundup »

You can use unsecured wireless and you should be ok as long as you don't have any malware on your machine. If there is something like a keystroke logger, then you could be in trouble, but I think you will be ok. As long as you have security software on your machine, then I would go ahead and do it.
User avatar
ogd
Posts: 4876
Joined: Thu Jun 14, 2012 11:43 pm

Re: Unsecured wifi

Post by ogd »

musbane,

If you access the site over HTTPS and you pay attention to the lock icon, you will be okay even over unsecured wifi. Breaking the HTTPs trust/encryption chain is one of the hardest avenues of attack that I can think of, it was designed for unsecured links and still pretty good at it after all these years. To make sure you're using https and the website is spelled properly (the URL is part of the chain of trust), I suggest typing https://fidelity.com manually or using a bookmark.

Oddly enough, it's the normal surfing that you should be most afraid of. It's much easier for an attacker to inject malware over a plain http link to some news website, then later on grab your Fido password with a keylogger. The second part can occur even when you're back home, secure Wifi or not doesn't make a difference. So keeping your eyes open and your computer secure is the most important thing.
Calm Man
Posts: 2917
Joined: Wed Sep 19, 2012 9:35 am

Re: Unsecured wifi

Post by Calm Man »

I agree with an earlier poster that if I were in Mexico (which I never again would having been there on "vacation" once) a wifi steal would be of less concern to me than being killed or kidnapped! But presuming you survive intact, why is it so essential for your wife to check her Fidelity account for the few days you are on vacation? And I am not tech savvy, but you are in an area of thieves and I wouldn't use an unsecured or even secured network.
genjix
Posts: 267
Joined: Sat Mar 12, 2011 1:51 pm

Re: Unsecured wifi

Post by genjix »

I would NEVER do banking on a shared wireless network. Somone can easily be on that network running wireshark on their laptop sniffing and capturing passwords very very easily. Secure SSL has no protection if the person sniffing the traffic is on the same side of the firewall as you. Its like having a moat around your house but the burglar is on the same side of the moat as you. Only in internet world he can easily get out too. It would be safer using cell phone on 4G or whatever they have there.

They can also easily do a silent install keystroke recorder over the network on to your computer. and not only are you now in danger while your on that wifi, but even when you go home in the saftey of your own network because the program now lives on your computer.
User avatar
ogd
Posts: 4876
Joined: Thu Jun 14, 2012 11:43 pm

Re: Unsecured wifi

Post by ogd »

genjix wrote:Secure SSL has no protection if the person sniffing the traffic is on the same side of the firewall as you.
Yes, it does. SSL traffic is secure as soon as it leaves the browser. If the browser/OS is not compromised, you're fine.
genjix wrote:They can also easily do a silent install keystroke recorder over the network on to your computer. and not only are you now in danger while your on that wifi, but even when you go home in the saftey of your own network because the program now lives on your computer.
This is true irrespective of whether you bank or not over the insecure connection. In fact, surfing non-https probably makes breaking into your computer slightly easier.
jebmke
Posts: 25271
Joined: Thu Apr 05, 2007 2:44 pm
Location: Delmarva Peninsula

Re: Unsecured wifi

Post by jebmke »

Chase has issued some guidance on this:

http://www.theonion.com/articles/after- ... ne:default
when you’re finished with your online banking session, we recommend three simple steps to protect your personal information: log out of your account, close your web browser, and then charter a seafaring vessel to take you 30 miles out into the open ocean and throw your computer overboard.
Many customers ask us if it’s safe to check their bank account at a WiFi hotspot, and while we encourage you to avoid entering your password on public networks, there are simple steps you can take to limit the possibility of compromising your data. For one, disconnect from the hotspot as soon as you finish your session. Two, go into your browser’s settings and click “Delete Cookies.” Three, rip all the wiring from the establishment’s walls and ceilings. Four, douse the premises in gasoline or acetone and set it on fire. And five, immediately reset your password upon returning to a secure network. That’s it!
Stay hydrated; don't sweat the small stuff
chaz
Posts: 13604
Joined: Tue Feb 27, 2007 1:44 pm

Re: Unsecured wifi

Post by chaz »

jebmke wrote:Chase has issued some guidance on this:

http://www.theonion.com/articles/after- ... ne:default
when you’re finished with your online banking session, we recommend three simple steps to protect your personal information: log out of your account, close your web browser, and then charter a seafaring vessel to take you 30 miles out into the open ocean and throw your computer overboard.
Many customers ask us if it’s safe to check their bank account at a WiFi hotspot, and while we encourage you to avoid entering your password on public networks, there are simple steps you can take to limit the possibility of compromising your data. For one, disconnect from the hotspot as soon as you finish your session. Two, go into your browser’s settings and click “Delete Cookies.” Three, rip all the wiring from the establishment’s walls and ceilings. Four, douse the premises in gasoline or acetone and set it on fire. And five, immediately reset your password upon returning to a secure network. That’s it!
Those words were written by a security expert, not by a Chase employee.
Chaz | | “Money is better than poverty, if only for financial reasons." Woody Allen | | http://www.bogleheads.org/wiki/index.php/Main_Page
Topic Author
musbane
Posts: 393
Joined: Sun Oct 26, 2008 11:14 am

Re: Unsecured wifi

Post by musbane »

I seem to have given some wrong impressions. Sorry. I'm really, really lazy.

1. I' m not on vacation. I'm 65 and have been retired for a dozen years.

2. No pension, no annuity, no social security till 70, no other income.

3. Been in Baja for about 5 months now without accessing my finances. So I'm interested in how we're doing.
As a Boglehead, I know that I've set it and should forget it, but 5 months is tough.

4. I know about the news reports you all get but I feel safer than I would in most parts of the US.
I think Baja Sur is different.

5. I seriously thank all of you. I don't know where on Earth I could get such good honest advice. Even if I don't understand all of it, my wife does.

6. I really am going fishing tomorrow at dawn. I'll let you know how it works out. :wink:
User avatar
dziuniek
Posts: 1402
Joined: Mon Jul 23, 2012 2:54 pm

Re: Unsecured wifi

Post by dziuniek »

I wouldn't do it.

Just because a website has uses SSL, that only coveres one potentail risk.
If someone gains contreol of your PC, they can simply install a key-logger, which in turn will capture every key pressed...

For Example:

www.fidelity.com

username

password

etc...

So say you get online to check your bank, investments, 401k, your return flight info.
Watch your accounts dwindle while you're on the flight back.

Just one nightmare scenario. :)
Get rich or die tryin'
User avatar
22twain
Posts: 4016
Joined: Thu May 10, 2012 5:42 pm

Re: Unsecured wifi

Post by 22twain »

jebmke wrote:Chase has issued some guidance on this:

http://www.theonion.com/articles/after- ... ne:default
when you’re finished with your online banking session, we recommend three simple steps to protect your personal information: log out of your account, close your web browser, and then charter a seafaring vessel to take you 30 miles out into the open ocean and throw your computer overboard.
But that leaves you vulnerable to phishing!
Meet my pet, Peeve, who loves to convert non-acronyms into acronyms: FED, ROTH, CASH, IVY, ...
User avatar
ResearchMed
Posts: 16767
Joined: Fri Dec 26, 2008 10:25 pm

Re: Unsecured wifi

Post by ResearchMed »

22twain wrote:
jebmke wrote:Chase has issued some guidance on this:

http://www.theonion.com/articles/after- ... ne:default
when you’re finished with your online banking session, we recommend three simple steps to protect your personal information: log out of your account, close your web browser, and then charter a seafaring vessel to take you 30 miles out into the open ocean and throw your computer overboard.
But that leaves you vulnerable to phishing!
GOOD ONE! :D
User avatar
Mel Lindauer
Moderator
Posts: 35757
Joined: Mon Feb 19, 2007 7:49 pm
Location: Daytona Beach Shores, Florida
Contact:

Re: Unsecured wifi

Post by Mel Lindauer »

ResearchMed wrote:
22twain wrote:
jebmke wrote:Chase has issued some guidance on this:

http://www.theonion.com/articles/after- ... ne:default
when you’re finished with your online banking session, we recommend three simple steps to protect your personal information: log out of your account, close your web browser, and then charter a seafaring vessel to take you 30 miles out into the open ocean and throw your computer overboard.
But that leaves you vulnerable to phishing!
GOOD ONE! :D
Yes, definitely very cute and clever!
Best Regards - Mel | | Semper Fi
User avatar
frugaltype
Posts: 1952
Joined: Wed Apr 24, 2013 9:07 am

Re: Unsecured wifi

Post by frugaltype »

musbane wrote: 3. Been in Baja for about 5 months now without accessing my finances. So I'm interested in how we're doing.
Five months! and no data. I'd go nuts. Can you phone in and get your account information by voice? I haven't used phone access to a financial institution in I forget how long, but maybe they do that.
bluemarlin08
Posts: 1561
Joined: Wed Aug 29, 2007 12:18 pm

Re: Unsecured wifi

Post by bluemarlin08 »

Initially, my router was setup using unsecured. How can I change that?
Bill Bernstein
Posts: 853
Joined: Sat Jun 23, 2007 12:47 am

Re: Unsecured wifi

Post by Bill Bernstein »

One more layer of protection if you're on a public network, a real Boglehead move: buy yourself a cheap used reliable Laptop (Thinkpad X40s are my faves) and install and learn how to use Linux. Lubuntu is fast, simple, feels almost like Windows, and no one in their right mind writes malware for it.

Bill
User avatar
LadyGeek
Site Admin
Posts: 95466
Joined: Sat Dec 20, 2008 4:34 pm
Location: Philadelphia
Contact:

Re: Unsecured wifi

Post by LadyGeek »

This thread is now in the Personal Consumer Issues forum (computer security).

No one has mentioned the 2nd half of the equation - protecting the data on your laptop (PC). OK, you go out to the middle of the ocean and throw the laptop overboard. Done deal? Nope. You weren't counting on a scuba diver retrieving it before the salt water scuttled it (or extracts the hard drive). Not to mention someone stealing it out of your rental house.

Encrypt your sensitive data. Always. I highly recommend TrueCrypt, just search this forum: truecrypt - Google Search

It works in Linux, Windows, and Mac. The same TrueCrypt file can shared among any OS - I share my TrueCrypt file between Linux and Win 7.
Wiki To some, the glass is half full. To others, the glass is half empty. To an engineer, it's twice the size it needs to be.
User avatar
Rob5TCP
Posts: 3811
Joined: Tue Jun 05, 2007 7:34 pm
Location: New York, NY

Re: Unsecured wifi

Post by Rob5TCP »

LadyGeek wrote:This thread is now in the Personal Consumer Issues forum (computer security).

No one has mentioned the 2nd half of the equation - protecting the data on your laptop (PC). OK, you go out to the middle of the ocean and throw the laptop overboard. Done deal? Nope. You weren't counting on a scuba diver retrieving it before the salt water scuttled it (or extracts the hard drive). Not to mention someone stealing it out of your rental house.

Encrypt your sensitive data. Always. I highly recommend TrueCrypt, just search this forum: truecrypt - Google Search

It works in Linux, Windows, and Mac. The same TrueCrypt file can shared among any OS - I share my TrueCrypt file between Linux and Win 7.

I use true crypt for all critical files on my flash drive. The one concern I have. They have not updated true crypt in 15 months and even the website has not been touched in 3 months. I would rather pay and know the company or shareware group will be around to continue supporting.
User avatar
frugaltype
Posts: 1952
Joined: Wed Apr 24, 2013 9:07 am

Re: Unsecured wifi

Post by frugaltype »

LadyGeek wrote:No one has mentioned the 2nd half of the equation - protecting the data on your laptop (PC). OK, you go out to the middle of the ocean and throw the laptop overboard. Done deal? Nope. You weren't counting on a scuba diver retrieving it before the salt water scuttled it (or extracts the hard drive). Not to mention someone stealing it out of your rental house.
Just to note that when I have to discard a drive, I always mash it with a hammer first.
Equitius
Posts: 119
Joined: Sat Apr 27, 2013 6:32 am

Re: Unsecured wifi

Post by Equitius »

.....
Last edited by Equitius on Mon Jan 11, 2016 9:58 am, edited 1 time in total.
Equitius
Posts: 119
Joined: Sat Apr 27, 2013 6:32 am

Re: Unsecured wifi

Post by Equitius »

.....
Last edited by Equitius on Mon Jan 11, 2016 9:58 am, edited 1 time in total.
User avatar
LadyGeek
Site Admin
Posts: 95466
Joined: Sat Dec 20, 2008 4:34 pm
Location: Philadelphia
Contact:

Re: Unsecured wifi

Post by LadyGeek »

To get somewhat back on track, my vacation spot has unsecured wi-fi. Never mind the question of why I have my laptop on vacation :wink:, but I have physical access to the router. I always bring an ethernet cable with me.

How long did it take me to hard-wire connect my laptop, find the default password (via google search online), access the admin login, and disable wireless access? 30 seconds. Add a few more seconds to change the default password.

I put everything back the way I found it when I left.
Wiki To some, the glass is half full. To others, the glass is half empty. To an engineer, it's twice the size it needs to be.
Sidney
Posts: 6784
Joined: Thu Mar 08, 2007 5:06 pm

Re: Unsecured wifi

Post by Sidney »

LadyGeek wrote:
Encrypt your sensitive data. Always. I highly recommend TrueCrypt, just search this forum: truecrypt - Google Search

It works in Linux, Windows, and Mac. The same TrueCrypt file can shared among any OS - I share my TrueCrypt file between Linux and Win 7.
I have used TC for about 4 years now. I keep the TC file on a separate OS partition. The TC file includes all my regular data plus the profile folders for my Thunderbird and Firefox apps. That way, if my laptop ends up somewhere in the wrong hands, even the bookmarks and emails are locked away. I keep my music files outside the TC file along with some decoy "data files" (I think this was your tip).
I always wanted to be a procrastinator.
johnubc
Posts: 870
Joined: Wed Jan 06, 2010 5:54 am

Re: Unsecured wifi

Post by johnubc »

The misinformation here is surprising.

At long as you are using HTTPS, you will be ok wrt the username and password (as well as the data). Make sure that the site actually uses HTTPS for the login - most sites that use 'advanced' authentication will prompt for the password on a second web page, not on the initial page.
Post Reply