Question One:
If I'm entering my login and password on a secured page (one with a lock icon and https), will that password be secured if I transmitted it over an public unsecured wireless internet connect -- such as when I have my laptop and wireless card connected to the public library internet connection.
Question Two:
Even if I am entering a login and password on an regular (http page without a lock icon) page of the public wireless network, how risky is it really? How likely is it that my password be captured by a hacker with a network sniffer hanging out at the public library? What do you think? Do you enter your password through the public library network?
Full Version: Secured page in unsecured networks
QUOTE(artcoder @ Feb 1 2007, 07:50 PM) 
Question One:
If I'm entering my login and password on a secured page (one with a lock icon and https), will that password be secured if I transmitted it over an public unsecured wireless internet connect -- such as when I have my laptop and wireless card connected to the public library internet connection.
Question Two:
Even if I am entering a login and password on an regular (http page without a lock icon) page of the public wireless network, how risky is it really? How likely is it that my password be captured by a hacker with a network sniffer hanging out at the public library? What do you think? Do you enter your password through the public library network?
If I'm entering my login and password on a secured page (one with a lock icon and https), will that password be secured if I transmitted it over an public unsecured wireless internet connect -- such as when I have my laptop and wireless card connected to the public library internet connection.
Question Two:
Even if I am entering a login and password on an regular (http page without a lock icon) page of the public wireless network, how risky is it really? How likely is it that my password be captured by a hacker with a network sniffer hanging out at the public library? What do you think? Do you enter your password through the public library network?
No at all, even SSL is not 100%, while many financial institutions and e-commerce sites secure all aspects of the transactions, some sites only encrypt part of the exchange. For example, while Web-based email services such as Yahoo Mail and Gmail encrypt your password by logging you in from an https site, your inbox is available from a nonsecure http site, meaning that others on the hotspot might be able to access your messages.
A potential danger when using public wireless networks are so-called "evil twins," hotspots set up by hackers to collect personal information. A data thief may do this by setting up an open hotspot near a valid one or by simply configuring his or her laptop to transmit a wireless signal. When nearby users check the list of available connections, they'll also see the evil twin. If a users happen to log in to this fraudulent access point, the hacker can track their Internet travels and emails and might be able to access private data they send across the Web, including credit card numbers, some wireless laptops are configured by default to automatically connect to the nearest or strongest signal; you might consider disabling this feature to avoid inadvertently logging in to fraudulent hotspot.
Good Luck
U1
Interesting. I wasn't aware of the "evil twin" exploit. Next time, I will remember to see which network my laptop is connecting to.
Yeah good idea, and btw if someone manages to sniff ya online, its not to hard to get your data ;P So make sure you have a decenet firewall and antivirus, Outpost and nod32 are good choices, or even kaspersky!
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.