Slashdot Mirror


The Problems of Web Surfing in Public Places

Krishna Dagli writes to mention a New York Times article about the dangers of public web surfing. The article looks at the sloppy habits people have when using public terminals, and the issues that come with using a wireless signal in a public place. From the article: "Michael Sellitto, a graduate student studying international security at Harvard, said that even though he encrypted any sensitive data on his laptop, he planned to sign up for a service like HotSpotVPN to add another level of security when he is traveling, especially when using poorly protected networks at cafes and hotels. 'The problem is, the really good people have written sniffer programs so that the less-sophisticated people have access to the same technology,' Mr. Sellitto said. 'Say a Microsoft Word document gets transmitted. The sniffer program will collect that and someone could open it up on their computer.'"

2 of 176 comments

  1. Glaring technical errors by Anonymous Coward · · Score: 5, Informative

    Just one of several glaring errors: One guy says not to shop online, but reading email is probably ok. WTHeck??? Online shopping is almost universally via ssl these days, which IS safe (as long as you trust your merchant). Reading email is still mostly via unencrypted channels.

    Who wrote this crap?

    1. Re:Glaring technical errors by lars_boegild_thomsen · · Score: 5, Informative

      Who told you ssl is safe? Any computer on the same lan segment - a bit of arp poisoning and you got an efficient man-in-the-middle attack. Then you present the client with a fake ssl certificate made on the fly to look like the original server certificate. No - it will not have the proper signatures by any cert authorities, but honestly - how often do YOU read all the details of a certificate presented to you before you say "Accept"?

      Sounds complicated to do in reality - well there are tools readily available that do EXACTLY what I described above and just about anybody can use them with a few hours of playing around.

      So - you do your SECURE SSL encrypted bank transactions over a public or semi public WIFI network. Anybody with a bit of knowledge can crack the wireless encryptions in a matter of 10 minutes, and sniff ALL traffic - including SSL without you having a clue what is going on.