Unsecured wifi
Unsecured wifi
So, i'm sitting here in southern Baja (east cape) wanting to access my fidelity account to see how long I can keep doing this.
We are in a rental house.
There are like five houses here sharing an unsecured wifi connection.
My wife says that if I access our fido account, we run the risk of losing all our money.
True?
We are in a rental house.
There are like five houses here sharing an unsecured wifi connection.
My wife says that if I access our fido account, we run the risk of losing all our money.
True?
- cheese_breath
- Posts: 11786
- Joined: Wed Sep 14, 2011 7:08 pm
Re: Unsecured wifi
If your wfi is unsecured that means it is not secure. DUH. It is possible for others to intercept your unencrypted transmissions and possibly, depending on your computer's security software settings, also hack into your computer. I wouldn't want to transmit any sensitive data such as fidelity account number over an unsecured network.
The surest way to know the future is when it becomes the past.
- Mel Lindauer
- Moderator
- Posts: 35782
- Joined: Mon Feb 19, 2007 7:49 pm
- Location: Daytona Beach Shores, Florida
- Contact:
Re: Unsecured wifi
Obviously you're taking a huge risk that someone will capture your account information, including your password. Who knows what they might be able to do with that information. Personally, I wouldn't advise it. I carry my own secure mifi with me wherever I go just for that very reason.musbane wrote:So, i'm sitting here in southern Baja (east cape) wanting to access my fidelity account to see how long I can keep doing this.
We are in a rental house.
There are like five houses here sharing an unsecured wifi connection.
My wife says that if I access our fido account, we run the risk of losing all our money.
True?
Best Regards - Mel |
|
Semper Fi
Re: Unsecured wifi
Anything is theoretically possible.
In reality, I personally would go ahead.
I'd never heard of a case of criminals snooping on Wi-Fi to steal people's logins, nor known anybody that has experienced this.
If I made a list of bad things that might possibly happen to me during a stay in Mexico, this stolen password concern would not crack the top 100.
In reality, I personally would go ahead.
I'd never heard of a case of criminals snooping on Wi-Fi to steal people's logins, nor known anybody that has experienced this.
If I made a list of bad things that might possibly happen to me during a stay in Mexico, this stolen password concern would not crack the top 100.
Last edited by WendyW on Sun Apr 28, 2013 11:01 pm, edited 1 time in total.
-
- Posts: 100
- Joined: Sun Jan 02, 2011 12:34 pm
Re: Unsecured wifi
Invest in personal VPN software for a secure connection over an unsecured network.
Peter
Re: Unsecured wifi
Despite not having link-layer encryption (for wifi this would be something like WPA2), Fidelity still makes you use application-layer encryption (for web applications this is generally HTTPS). HTTPS depends on public key cryptography, where one party has a private key that only they know that they use to encrypt the communication, and a public certificate that is based on that key that will be used to decrypt the communication and ensure that it was actually generated by the party it should have been.
In order to compromise your account information, someone would have to be able to hijack your connection to direct you to the wrong servers (this is definitely possible with unsecured wifi), and have access to Fidelity's private key (obviously Fidelity would protect this like the crown jewels) in order to make your browser think it was talking to someone else. If this were to occur, any properly-configured browser will pop up a big warning that says the communication isn't to be trusted. Unless you force the browser to trust it anyways and give that compromised site your password, you'll be fine.
In order to compromise your account information, someone would have to be able to hijack your connection to direct you to the wrong servers (this is definitely possible with unsecured wifi), and have access to Fidelity's private key (obviously Fidelity would protect this like the crown jewels) in order to make your browser think it was talking to someone else. If this were to occur, any properly-configured browser will pop up a big warning that says the communication isn't to be trusted. Unless you force the browser to trust it anyways and give that compromised site your password, you'll be fine.
Last edited by skylar on Sun Apr 28, 2013 11:01 pm, edited 1 time in total.
Re: Unsecured wifi
Fidelity uses SSL. Properly established SSL connection is secure over unsecured wifi. See
Is https traffic over an unencrypted wireless network secure?
Is https traffic over an unencrypted wireless network secure?
Harry Sit has left the forums.
Re: Unsecured wifi
Agree with others, you should be OK using and open wifi as long as you are using SSL connection (i.e. the website where you enter you password begins with https). Things you should be aware of when on open wifi:
1) Make sure that you only use https://... websites whenever you are entering any sensitive information (passwords, credit card numbers etc.). Double check your browser to see that there is a lock symbol and there are no warnings. (Different browsers use different icons/messages -- Chrome shows a green lock right next to the URL). Check the link that tfb posted for more info.
2) If you are using any website without an "https://" url, do assume that potentially anyone [on your network] can read what you can read on the page (emails etc).
3) Even if you are using https, anyone can see which websites (URLs) you are visiting.
Some of these things are true even if you are using secured WIFI, but the risk of someone actually harming you go up a lot more with unsecured wifis. I tend to avoid accessing anything sensitive over unsecured wifi's and if I do, I usually establish a secure VPN connection first (check out the link RebusCannebus posted).
1) Make sure that you only use https://... websites whenever you are entering any sensitive information (passwords, credit card numbers etc.). Double check your browser to see that there is a lock symbol and there are no warnings. (Different browsers use different icons/messages -- Chrome shows a green lock right next to the URL). Check the link that tfb posted for more info.
2) If you are using any website without an "https://" url, do assume that potentially anyone [on your network] can read what you can read on the page (emails etc).
3) Even if you are using https, anyone can see which websites (URLs) you are visiting.
Some of these things are true even if you are using secured WIFI, but the risk of someone actually harming you go up a lot more with unsecured wifis. I tend to avoid accessing anything sensitive over unsecured wifi's and if I do, I usually establish a secure VPN connection first (check out the link RebusCannebus posted).
Re: Unsecured wifi
I'm with your wife -- but not due to WiFi security. Not a good idea to decide if you can retire while you are on vacation. Enjoy your time off, come back home, and think through it. If you aren't careful you'll put money down on a condo or timeshare before you leave!musbane wrote:So, i'm sitting here in southern Baja (east cape) wanting to access my fidelity account to see how long I can keep doing this.
We are in a rental house.
There are like five houses here sharing an unsecured wifi connection.
My wife says that if I access our fido account, we run the risk of losing all our money.
True?
Warning: I am about 80% satisficer (accepting of good enough) and 20% maximizer
Re: Unsecured wifi
Good question. Now, if someone were to steal your information(no matter how it is done), can Fidelity or Vanguard be responsible to pay back money that has been stolen? Kind of like if someone hacks your credit card and uses it?
Re: Unsecured wifi
Go over cell. Use your phone app. (or 3g tablet or whatever).
(To color my comments: my situation is ER trying to make a large portfolio that is 99% taxable last 45 years)
Re: Unsecured wifi
While not likely, a man in the middle attack could intercept and give you a false security "lock" .
This is from another Vanguard post on passwords.
http://mason.gmu.edu/~msherif/isa564/pr ... strip2.pdf
As stated, make sure your browser begins with HTTPS.
For Chrome, I use KB SSL enforcer which will force the site to HTTPS if that is available. Not perfect, but
it will help prevent the above attack.
https://chrome.google.com/webstore/deta ... ckof?hl=en
This is from another Vanguard post on passwords.
http://mason.gmu.edu/~msherif/isa564/pr ... strip2.pdf
As stated, make sure your browser begins with HTTPS.
For Chrome, I use KB SSL enforcer which will force the site to HTTPS if that is available. Not perfect, but
it will help prevent the above attack.
https://chrome.google.com/webstore/deta ... ckof?hl=en
Re: Unsecured wifi
+1WendyW wrote:Anything is theoretically possible.
In reality, I personally would go ahead.
I'd never heard of a case of criminals snooping on Wi-Fi to steal people's logins, nor known anybody that has experienced this.
If I made a list of bad things that might possibly happen to me during a stay in Mexico, this stolen password concern would not crack the top 100.
"One does not accumulate but eliminate. It is not daily increase but daily decrease. The height of cultivation always runs to simplicity" –Bruce Lee
- nisiprius
- Advisory Board
- Posts: 52211
- Joined: Thu Jul 26, 2007 9:33 am
- Location: The terrestrial, globular, planetary hunk of matter, flattened at the poles, is my abode.--O. Henry
Re: Unsecured wifi
Belt-and-suspenders approach. I don't really believe people can steal my password etc. over an https: connection, AND I don't access my financial accounts over wi-fi. Not even in my own home, where my router is supposedly secure. It shows a little lock symbol next to it and I need to tell guests a password, anyway.
I think the big protection is the way brokerage accounts are set up, or at least mine have been. It's not like PayPal or a bank bill-pay option where you can log on and have them transfer money or mail a check to a third party. All you can do from my Vanguard account, and I think my Fidelity account was the same, is to move money between that account and my own bank account. Linking a bank account to a Vanguard account---is a slow transaction taking taking hundreds of millions of milliseconds, and the delivery of physical paper to a geographical address in meatspace. One can concoct movie-script scenarios, Thomas Crown Affair stuff, masterminds and accomplices and staking out my house at 123 Main Street, Gopher Prairie, Winnemac, in order to tweeze an envelope out of a mailbox, but it's all reasonably unlikely.
Let's say someone does get into my Vanguard account. What, exactly, are they going to do? Change my asset allocation? Liquidate all my holdings and send the cash to my bank account for the sheer mischief of it? (Yes, someone did once talk about about penny stock manipulators buying a stock cheap and then driving it up by getting stolen accounts to buy huge quantities...)
I think the bad guys currently can make money much more easily stealing credit card numbers in bulk and using them for a couple of days, than by high-stakes mastermind maneuvers on brokerage accounts.
P.S. If you really want to feel paranoid, read up on TEMPEST and stray signals and so forth. The keyboard itself emits electrical signals that can be detected at a distance... forget putting tinfoil on your head, but wrap some copper mesh around your keyboard!
I think the big protection is the way brokerage accounts are set up, or at least mine have been. It's not like PayPal or a bank bill-pay option where you can log on and have them transfer money or mail a check to a third party. All you can do from my Vanguard account, and I think my Fidelity account was the same, is to move money between that account and my own bank account. Linking a bank account to a Vanguard account---is a slow transaction taking taking hundreds of millions of milliseconds, and the delivery of physical paper to a geographical address in meatspace. One can concoct movie-script scenarios, Thomas Crown Affair stuff, masterminds and accomplices and staking out my house at 123 Main Street, Gopher Prairie, Winnemac, in order to tweeze an envelope out of a mailbox, but it's all reasonably unlikely.
Let's say someone does get into my Vanguard account. What, exactly, are they going to do? Change my asset allocation? Liquidate all my holdings and send the cash to my bank account for the sheer mischief of it? (Yes, someone did once talk about about penny stock manipulators buying a stock cheap and then driving it up by getting stolen accounts to buy huge quantities...)
I think the bad guys currently can make money much more easily stealing credit card numbers in bulk and using them for a couple of days, than by high-stakes mastermind maneuvers on brokerage accounts.
P.S. If you really want to feel paranoid, read up on TEMPEST and stray signals and so forth. The keyboard itself emits electrical signals that can be detected at a distance... forget putting tinfoil on your head, but wrap some copper mesh around your keyboard!
Annual income twenty pounds, annual expenditure nineteen nineteen and six, result happiness; Annual income twenty pounds, annual expenditure twenty pounds ought and six, result misery.
- ResearchMed
- Posts: 16795
- Joined: Fri Dec 26, 2008 10:25 pm
Re: Unsecured wifi
And if you've got your money in an IRA, "removing" the money isn't a quick online process even if it's "you".nisiprius wrote: Let's say someone does get into my Vanguard account. What, exactly, are they going to do? Change my asset allocation? Liquidate all my holdings and send the cash to my bank account for the sheer mischief of it? (Yes, someone did once talk about about penny stock manipulators buying a stock cheap and then driving it up by getting stolen accounts to buy huge quantities...)
And if it's in a 401k/403b and you haven't separated, in most cases even YOU can't take the money out, so good luck to the would-be nefarious types.
We've joked about just this thing: "What are they going to do anyway, change the mutual funds?"
Nevertheless, we use what we "think" is more secure than shared non-secure WiFi, such as an AT&T USB device or just the iPhone set as WiFi (for several devices at once - handy!)
Thanks a LOT Nisiprius! One more thing to put on the "what to worry about list"nisiprius wrote: P.S. If you really want to feel paranoid, read up on TEMPEST and stray signals and so forth. The keyboard itself emits electrical signals that can be detected at a distance... forget putting tinfoil on your head, but wrap some copper mesh around your keyboard!
Do I need to sit inside the mesh cage, too, or just stick my arms in copper-coated gloves inside, like in a Grade 4 Bio Lab, etc.?
RM
Re: Unsecured wifi
Somewhere deep within the bowels of Casa Nisiprius...P.S. If you really want to feel paranoid, read up on TEMPEST and stray signals and so forth. The keyboard itself emits electrical signals that can be detected at a distance... forget putting tinfoil on your head, but wrap some copper mesh around your keyboard!
- cheese_breath
- Posts: 11786
- Joined: Wed Sep 14, 2011 7:08 pm
Re: Unsecured wifi
In spite of the previous comments I feel it's better to be safe than sorry. About a year ago they had a spot on the local TV news where a reporter was in the airport with a computer security expert. The computer guy was sitting there with his laptop open highlighting various user connections on the airport's unsecured wifi and remarking on how easy it would be for him to hack into them if he wanted. He didn't want to, but what about people with possibly more malicious intents.
The surest way to know the future is when it becomes the past.
Re: Unsecured wifi
You'll know you have enough shielding when you can't get a wifi signalDo I need to sit inside the mesh cage, too, or just stick my arms in copper-coated gloves inside, like in a Grade 4 Bio Lab, etc.?
Re: Unsecured wifi
How did you get a pic inside Casa Nisiprius?Blues wrote:Somewhere deep within the bowels of Casa Nisiprius...P.S. If you really want to feel paranoid, read up on TEMPEST and stray signals and so forth. The keyboard itself emits electrical signals that can be detected at a distance... forget putting tinfoil on your head, but wrap some copper mesh around your keyboard!
Chaz |
|
“Money is better than poverty, if only for financial reasons." Woody Allen |
|
http://www.bogleheads.org/wiki/index.php/Main_Page
Re: Unsecured wifi
I used to work for the government...'nuff said.chaz wrote:How did you get a pic inside Casa Nisiprius?Blues wrote:Somewhere deep within the bowels of Casa Nisiprius...P.S. If you really want to feel paranoid, read up on TEMPEST and stray signals and so forth. The keyboard itself emits electrical signals that can be detected at a distance... forget putting tinfoil on your head, but wrap some copper mesh around your keyboard!
Re: Unsecured wifi
Hacked his webcam.How did you get a pic inside Casa Nisiprius?
I always wanted to be a procrastinator.
Re: Unsecured wifi
"In spite of the previous comments I feel it's better to be safe than sorry. About a year ago they had a spot on the local TV news where a reporter was in the airport with a computer security expert. The computer guy was sitting there with his laptop open highlighting various user connections on the airport's unsecured wifi and remarking on how easy it would be for him to hack into them if he wanted. He didn't want to, but what about people with possibly more malicious intents."
This is a different issue than the OP's question. Hacking your laptop or mobile device over an unsecured WiFi connection is a legitimate concern. But you secure it in different ways than you do someone sniffing your browser traffic. If you have a Windows OS, at a minimum, you'll have file and print sharing turned off, your Windows firewall turned on and keep Windows and all your applications current with the latest security patches. There's much more you can do depending on how important the data you have on your laptop/mobile device is and how badly you need to keep it secured.
This is a different issue than the OP's question. Hacking your laptop or mobile device over an unsecured WiFi connection is a legitimate concern. But you secure it in different ways than you do someone sniffing your browser traffic. If you have a Windows OS, at a minimum, you'll have file and print sharing turned off, your Windows firewall turned on and keep Windows and all your applications current with the latest security patches. There's much more you can do depending on how important the data you have on your laptop/mobile device is and how badly you need to keep it secured.
Re: Unsecured wifi
Agree. If it is something quick, I use a dedicated Windows user that has very limited rights on the machine. If it is something more substantial, I use a bootable Linux flash drive.Novine wrote:"In spite of the previous comments I feel it's better to be safe than sorry. About a year ago they had a spot on the local TV news where a reporter was in the airport with a computer security expert. The computer guy was sitting there with his laptop open highlighting various user connections on the airport's unsecured wifi and remarking on how easy it would be for him to hack into them if he wanted. He didn't want to, but what about people with possibly more malicious intents."
This is a different issue than the OP's question. Hacking your laptop or mobile device over an unsecured WiFi connection is a legitimate concern. But you secure it in different ways than you do someone sniffing your browser traffic. If you have a Windows OS, at a minimum, you'll have file and print sharing turned off, your Windows firewall turned on and keep Windows and all your applications current with the latest security patches. There's much more you can do depending on how important the data you have on your laptop/mobile device is and how badly you need to keep it secured.
I always wanted to be a procrastinator.
Re: Unsecured wifi
It's a question of how much you trust your computer expertise. Once you have an SSL session established you should be ok. The vulnerability that is present is the possibility you could be fooled by a malicious network into believing you have an SSL connection when you don't.
So if you are going to try such a thing learn the signs that indicate a spoofing attempt is in progress and install plugins that help you detect without a doubt the presence of an SSL connection.
So if you are going to try such a thing learn the signs that indicate a spoofing attempt is in progress and install plugins that help you detect without a doubt the presence of an SSL connection.
Re: Unsecured wifi
Well, thank you all for the advice.
It seems that if I know what I am doing there is little risk.
But I DON'T know whai I am doing and the downside of even a small risk is so bad...
So I guess I'll have to do what my wife says (why does it always... oh never mind).
The heck with it, I'm going fishing.
It seems that if I know what I am doing there is little risk.
But I DON'T know whai I am doing and the downside of even a small risk is so bad...
So I guess I'll have to do what my wife says (why does it always... oh never mind).
The heck with it, I'm going fishing.
- cheese_breath
- Posts: 11786
- Joined: Wed Sep 14, 2011 7:08 pm
Re: Unsecured wifi
That's a good husband. It's always best to do what the wife says.musbane wrote:So I guess I'll have to do what my wife says.
The surest way to know the future is when it becomes the past.
Re: Unsecured wifi
A happy wife leads to a happy life.cheese_breath wrote:That's a good husband. It's always best to do what the wife says.musbane wrote:So I guess I'll have to do what my wife says.
Chaz |
|
“Money is better than poverty, if only for financial reasons." Woody Allen |
|
http://www.bogleheads.org/wiki/index.php/Main_Page
-
- Posts: 2
- Joined: Mon Apr 29, 2013 5:48 pm
Re: Unsecured wifi
You can use unsecured wireless and you should be ok as long as you don't have any malware on your machine. If there is something like a keystroke logger, then you could be in trouble, but I think you will be ok. As long as you have security software on your machine, then I would go ahead and do it.
Re: Unsecured wifi
musbane,
If you access the site over HTTPS and you pay attention to the lock icon, you will be okay even over unsecured wifi. Breaking the HTTPs trust/encryption chain is one of the hardest avenues of attack that I can think of, it was designed for unsecured links and still pretty good at it after all these years. To make sure you're using https and the website is spelled properly (the URL is part of the chain of trust), I suggest typing https://fidelity.com manually or using a bookmark.
Oddly enough, it's the normal surfing that you should be most afraid of. It's much easier for an attacker to inject malware over a plain http link to some news website, then later on grab your Fido password with a keylogger. The second part can occur even when you're back home, secure Wifi or not doesn't make a difference. So keeping your eyes open and your computer secure is the most important thing.
If you access the site over HTTPS and you pay attention to the lock icon, you will be okay even over unsecured wifi. Breaking the HTTPs trust/encryption chain is one of the hardest avenues of attack that I can think of, it was designed for unsecured links and still pretty good at it after all these years. To make sure you're using https and the website is spelled properly (the URL is part of the chain of trust), I suggest typing https://fidelity.com manually or using a bookmark.
Oddly enough, it's the normal surfing that you should be most afraid of. It's much easier for an attacker to inject malware over a plain http link to some news website, then later on grab your Fido password with a keylogger. The second part can occur even when you're back home, secure Wifi or not doesn't make a difference. So keeping your eyes open and your computer secure is the most important thing.
Re: Unsecured wifi
I agree with an earlier poster that if I were in Mexico (which I never again would having been there on "vacation" once) a wifi steal would be of less concern to me than being killed or kidnapped! But presuming you survive intact, why is it so essential for your wife to check her Fidelity account for the few days you are on vacation? And I am not tech savvy, but you are in an area of thieves and I wouldn't use an unsecured or even secured network.
Re: Unsecured wifi
I would NEVER do banking on a shared wireless network. Somone can easily be on that network running wireshark on their laptop sniffing and capturing passwords very very easily. Secure SSL has no protection if the person sniffing the traffic is on the same side of the firewall as you. Its like having a moat around your house but the burglar is on the same side of the moat as you. Only in internet world he can easily get out too. It would be safer using cell phone on 4G or whatever they have there.
They can also easily do a silent install keystroke recorder over the network on to your computer. and not only are you now in danger while your on that wifi, but even when you go home in the saftey of your own network because the program now lives on your computer.
They can also easily do a silent install keystroke recorder over the network on to your computer. and not only are you now in danger while your on that wifi, but even when you go home in the saftey of your own network because the program now lives on your computer.
Re: Unsecured wifi
Yes, it does. SSL traffic is secure as soon as it leaves the browser. If the browser/OS is not compromised, you're fine.genjix wrote:Secure SSL has no protection if the person sniffing the traffic is on the same side of the firewall as you.
This is true irrespective of whether you bank or not over the insecure connection. In fact, surfing non-https probably makes breaking into your computer slightly easier.genjix wrote:They can also easily do a silent install keystroke recorder over the network on to your computer. and not only are you now in danger while your on that wifi, but even when you go home in the saftey of your own network because the program now lives on your computer.
Re: Unsecured wifi
Chase has issued some guidance on this:
http://www.theonion.com/articles/after- ... ne:default
http://www.theonion.com/articles/after- ... ne:default
when you’re finished with your online banking session, we recommend three simple steps to protect your personal information: log out of your account, close your web browser, and then charter a seafaring vessel to take you 30 miles out into the open ocean and throw your computer overboard.
Many customers ask us if it’s safe to check their bank account at a WiFi hotspot, and while we encourage you to avoid entering your password on public networks, there are simple steps you can take to limit the possibility of compromising your data. For one, disconnect from the hotspot as soon as you finish your session. Two, go into your browser’s settings and click “Delete Cookies.” Three, rip all the wiring from the establishment’s walls and ceilings. Four, douse the premises in gasoline or acetone and set it on fire. And five, immediately reset your password upon returning to a secure network. That’s it!
Don't trust me, look it up. https://www.irs.gov/forms-instructions-and-publications
Re: Unsecured wifi
Those words were written by a security expert, not by a Chase employee.jebmke wrote:Chase has issued some guidance on this:
http://www.theonion.com/articles/after- ... ne:default
when you’re finished with your online banking session, we recommend three simple steps to protect your personal information: log out of your account, close your web browser, and then charter a seafaring vessel to take you 30 miles out into the open ocean and throw your computer overboard.Many customers ask us if it’s safe to check their bank account at a WiFi hotspot, and while we encourage you to avoid entering your password on public networks, there are simple steps you can take to limit the possibility of compromising your data. For one, disconnect from the hotspot as soon as you finish your session. Two, go into your browser’s settings and click “Delete Cookies.” Three, rip all the wiring from the establishment’s walls and ceilings. Four, douse the premises in gasoline or acetone and set it on fire. And five, immediately reset your password upon returning to a secure network. That’s it!
Chaz |
|
“Money is better than poverty, if only for financial reasons." Woody Allen |
|
http://www.bogleheads.org/wiki/index.php/Main_Page
Re: Unsecured wifi
I seem to have given some wrong impressions. Sorry. I'm really, really lazy.
1. I' m not on vacation. I'm 65 and have been retired for a dozen years.
2. No pension, no annuity, no social security till 70, no other income.
3. Been in Baja for about 5 months now without accessing my finances. So I'm interested in how we're doing.
As a Boglehead, I know that I've set it and should forget it, but 5 months is tough.
4. I know about the news reports you all get but I feel safer than I would in most parts of the US.
I think Baja Sur is different.
5. I seriously thank all of you. I don't know where on Earth I could get such good honest advice. Even if I don't understand all of it, my wife does.
6. I really am going fishing tomorrow at dawn. I'll let you know how it works out.
1. I' m not on vacation. I'm 65 and have been retired for a dozen years.
2. No pension, no annuity, no social security till 70, no other income.
3. Been in Baja for about 5 months now without accessing my finances. So I'm interested in how we're doing.
As a Boglehead, I know that I've set it and should forget it, but 5 months is tough.
4. I know about the news reports you all get but I feel safer than I would in most parts of the US.
I think Baja Sur is different.
5. I seriously thank all of you. I don't know where on Earth I could get such good honest advice. Even if I don't understand all of it, my wife does.
6. I really am going fishing tomorrow at dawn. I'll let you know how it works out.
Re: Unsecured wifi
I wouldn't do it.
Just because a website has uses SSL, that only coveres one potentail risk.
If someone gains contreol of your PC, they can simply install a key-logger, which in turn will capture every key pressed...
For Example:
www.fidelity.com
username
password
etc...
So say you get online to check your bank, investments, 401k, your return flight info.
Watch your accounts dwindle while you're on the flight back.
Just one nightmare scenario.
Just because a website has uses SSL, that only coveres one potentail risk.
If someone gains contreol of your PC, they can simply install a key-logger, which in turn will capture every key pressed...
For Example:
www.fidelity.com
username
password
etc...
So say you get online to check your bank, investments, 401k, your return flight info.
Watch your accounts dwindle while you're on the flight back.
Just one nightmare scenario.
Get rich or die tryin'
Re: Unsecured wifi
But that leaves you vulnerable to phishing!jebmke wrote:Chase has issued some guidance on this:
http://www.theonion.com/articles/after- ... ne:default
when you’re finished with your online banking session, we recommend three simple steps to protect your personal information: log out of your account, close your web browser, and then charter a seafaring vessel to take you 30 miles out into the open ocean and throw your computer overboard.
Meet my pet, Peeve, who loves to convert non-acronyms into acronyms: FED, ROTH, CASH, IVY, ...
- ResearchMed
- Posts: 16795
- Joined: Fri Dec 26, 2008 10:25 pm
Re: Unsecured wifi
GOOD ONE!22twain wrote:But that leaves you vulnerable to phishing!jebmke wrote:Chase has issued some guidance on this:
http://www.theonion.com/articles/after- ... ne:default
when you’re finished with your online banking session, we recommend three simple steps to protect your personal information: log out of your account, close your web browser, and then charter a seafaring vessel to take you 30 miles out into the open ocean and throw your computer overboard.
- Mel Lindauer
- Moderator
- Posts: 35782
- Joined: Mon Feb 19, 2007 7:49 pm
- Location: Daytona Beach Shores, Florida
- Contact:
Re: Unsecured wifi
Yes, definitely very cute and clever!ResearchMed wrote:GOOD ONE!22twain wrote:But that leaves you vulnerable to phishing!jebmke wrote:Chase has issued some guidance on this:
http://www.theonion.com/articles/after- ... ne:default
when you’re finished with your online banking session, we recommend three simple steps to protect your personal information: log out of your account, close your web browser, and then charter a seafaring vessel to take you 30 miles out into the open ocean and throw your computer overboard.
Best Regards - Mel |
|
Semper Fi
- frugaltype
- Posts: 1952
- Joined: Wed Apr 24, 2013 9:07 am
Re: Unsecured wifi
Five months! and no data. I'd go nuts. Can you phone in and get your account information by voice? I haven't used phone access to a financial institution in I forget how long, but maybe they do that.musbane wrote: 3. Been in Baja for about 5 months now without accessing my finances. So I'm interested in how we're doing.
-
- Posts: 1561
- Joined: Wed Aug 29, 2007 12:18 pm
Re: Unsecured wifi
Initially, my router was setup using unsecured. How can I change that?
-
- Posts: 853
- Joined: Sat Jun 23, 2007 12:47 am
Re: Unsecured wifi
One more layer of protection if you're on a public network, a real Boglehead move: buy yourself a cheap used reliable Laptop (Thinkpad X40s are my faves) and install and learn how to use Linux. Lubuntu is fast, simple, feels almost like Windows, and no one in their right mind writes malware for it.
Bill
Bill
Re: Unsecured wifi
This thread is now in the Personal Consumer Issues forum (computer security).
No one has mentioned the 2nd half of the equation - protecting the data on your laptop (PC). OK, you go out to the middle of the ocean and throw the laptop overboard. Done deal? Nope. You weren't counting on a scuba diver retrieving it before the salt water scuttled it (or extracts the hard drive). Not to mention someone stealing it out of your rental house.
Encrypt your sensitive data. Always. I highly recommend TrueCrypt, just search this forum: truecrypt - Google Search
It works in Linux, Windows, and Mac. The same TrueCrypt file can shared among any OS - I share my TrueCrypt file between Linux and Win 7.
No one has mentioned the 2nd half of the equation - protecting the data on your laptop (PC). OK, you go out to the middle of the ocean and throw the laptop overboard. Done deal? Nope. You weren't counting on a scuba diver retrieving it before the salt water scuttled it (or extracts the hard drive). Not to mention someone stealing it out of your rental house.
Encrypt your sensitive data. Always. I highly recommend TrueCrypt, just search this forum: truecrypt - Google Search
It works in Linux, Windows, and Mac. The same TrueCrypt file can shared among any OS - I share my TrueCrypt file between Linux and Win 7.
Re: Unsecured wifi
LadyGeek wrote:This thread is now in the Personal Consumer Issues forum (computer security).
No one has mentioned the 2nd half of the equation - protecting the data on your laptop (PC). OK, you go out to the middle of the ocean and throw the laptop overboard. Done deal? Nope. You weren't counting on a scuba diver retrieving it before the salt water scuttled it (or extracts the hard drive). Not to mention someone stealing it out of your rental house.
Encrypt your sensitive data. Always. I highly recommend TrueCrypt, just search this forum: truecrypt - Google Search
It works in Linux, Windows, and Mac. The same TrueCrypt file can shared among any OS - I share my TrueCrypt file between Linux and Win 7.
I use true crypt for all critical files on my flash drive. The one concern I have. They have not updated true crypt in 15 months and even the website has not been touched in 3 months. I would rather pay and know the company or shareware group will be around to continue supporting.
- frugaltype
- Posts: 1952
- Joined: Wed Apr 24, 2013 9:07 am
Re: Unsecured wifi
Just to note that when I have to discard a drive, I always mash it with a hammer first.LadyGeek wrote:No one has mentioned the 2nd half of the equation - protecting the data on your laptop (PC). OK, you go out to the middle of the ocean and throw the laptop overboard. Done deal? Nope. You weren't counting on a scuba diver retrieving it before the salt water scuttled it (or extracts the hard drive). Not to mention someone stealing it out of your rental house.
Re: Unsecured wifi
.....
Last edited by Equitius on Mon Jan 11, 2016 9:58 am, edited 1 time in total.
Re: Unsecured wifi
.....
Last edited by Equitius on Mon Jan 11, 2016 9:58 am, edited 1 time in total.
Re: Unsecured wifi
To get somewhat back on track, my vacation spot has unsecured wi-fi. Never mind the question of why I have my laptop on vacation , but I have physical access to the router. I always bring an ethernet cable with me.
How long did it take me to hard-wire connect my laptop, find the default password (via google search online), access the admin login, and disable wireless access? 30 seconds. Add a few more seconds to change the default password.
I put everything back the way I found it when I left.
How long did it take me to hard-wire connect my laptop, find the default password (via google search online), access the admin login, and disable wireless access? 30 seconds. Add a few more seconds to change the default password.
I put everything back the way I found it when I left.
Re: Unsecured wifi
I have used TC for about 4 years now. I keep the TC file on a separate OS partition. The TC file includes all my regular data plus the profile folders for my Thunderbird and Firefox apps. That way, if my laptop ends up somewhere in the wrong hands, even the bookmarks and emails are locked away. I keep my music files outside the TC file along with some decoy "data files" (I think this was your tip).LadyGeek wrote:
Encrypt your sensitive data. Always. I highly recommend TrueCrypt, just search this forum: truecrypt - Google Search
It works in Linux, Windows, and Mac. The same TrueCrypt file can shared among any OS - I share my TrueCrypt file between Linux and Win 7.
I always wanted to be a procrastinator.
Re: Unsecured wifi
The misinformation here is surprising.
At long as you are using HTTPS, you will be ok wrt the username and password (as well as the data). Make sure that the site actually uses HTTPS for the login - most sites that use 'advanced' authentication will prompt for the password on a second web page, not on the initial page.
At long as you are using HTTPS, you will be ok wrt the username and password (as well as the data). Make sure that the site actually uses HTTPS for the login - most sites that use 'advanced' authentication will prompt for the password on a second web page, not on the initial page.