Jump to content


Photo

Secured page in unsecured networks


  • Please log in to reply
3 replies to this topic

#1 artcoder

artcoder

    Young Padawan

  • Members
  • Pip
  • 109 posts
  • Location:Planet Earth
  • Interests:Collecting videos at FunAndEducationalVideos.com

Posted 01 February 2007 - 07:50 PM

Question One:
If I'm entering my login and password on a secured page (one with a lock icon and https), will that password be secured if I transmitted it over an public unsecured wireless internet connect -- such as when I have my laptop and wireless card connected to the public library internet connection.

Question Two:
Even if I am entering a login and password on an regular (http page without a lock icon) page of the public wireless network, how risky is it really? How likely is it that my password be captured by a hacker with a network sniffer hanging out at the public library? What do you think? Do you enter your password through the public library network?

#2 U1

U1

    Young Padawan

  • Members
  • Pip
  • 245 posts

Posted 03 February 2007 - 11:23 AM

Question One:
If I'm entering my login and password on a secured page (one with a lock icon and https), will that password be secured if I transmitted it over an public unsecured wireless internet connect -- such as when I have my laptop and wireless card connected to the public library internet connection.

Question Two:
Even if I am entering a login and password on an regular (http page without a lock icon) page of the public wireless network, how risky is it really? How likely is it that my password be captured by a hacker with a network sniffer hanging out at the public library? What do you think? Do you enter your password through the public library network?



No at all, even SSL is not 100%, while many financial institutions and e-commerce sites secure all aspects of the transactions, some sites only encrypt part of the exchange. For example, while Web-based email services such as Yahoo Mail and Gmail encrypt your password by logging you in from an https site, your inbox is available from a nonsecure http site, meaning that others on the hotspot might be able to access your messages.

A potential danger when using public wireless networks are so-called "evil twins," hotspots set up by hackers to collect personal information. A data thief may do this by setting up an open hotspot near a valid one or by simply configuring his or her laptop to transmit a wireless signal. When nearby users check the list of available connections, they'll also see the evil twin. If a users happen to log in to this fraudulent access point, the hacker can track their Internet travels and emails and might be able to access private data they send across the Web, including credit card numbers, some wireless laptops are configured by default to automatically connect to the nearest or strongest signal; you might consider disabling this feature to avoid inadvertently logging in to fraudulent hotspot.

Good Luck

U1

#3 artcoder

artcoder

    Young Padawan

  • Members
  • Pip
  • 109 posts
  • Location:Planet Earth
  • Interests:Collecting videos at FunAndEducationalVideos.com

Posted 03 February 2007 - 01:46 PM

Interesting. I wasn't aware of the "evil twin" exploit. Next time, I will remember to see which network my laptop is connecting to.

#4 U1

U1

    Young Padawan

  • Members
  • Pip
  • 245 posts

Posted 03 February 2007 - 01:50 PM

Yeah good idea, and btw if someone manages to sniff ya online, its not to hard to get your data ;P So make sure you have a decenet firewall and antivirus, Outpost and nod32 are good choices, or even kaspersky!

Edited by Unknown1, 03 February 2007 - 01:51 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users