Slashdot Mirror


The Problems of Web Surfing in Public Places

Krishna Dagli writes to mention a New York Times article about the dangers of public web surfing. The article looks at the sloppy habits people have when using public terminals, and the issues that come with using a wireless signal in a public place. From the article: "Michael Sellitto, a graduate student studying international security at Harvard, said that even though he encrypted any sensitive data on his laptop, he planned to sign up for a service like HotSpotVPN to add another level of security when he is traveling, especially when using poorly protected networks at cafes and hotels. 'The problem is, the really good people have written sniffer programs so that the less-sophisticated people have access to the same technology,' Mr. Sellitto said. 'Say a Microsoft Word document gets transmitted. The sniffer program will collect that and someone could open it up on their computer.'"

8 of 176 comments

  1. Reading sensitive information in public places? by SillyNickName4me · · Score: 4, Insightful

    Say a Microsoft Word document gets transmitted. The sniffer program will collect that and someone could open it up on their computer

    Yeah, but while in a public place, someone looking over your shoulder might be a more realistic worry.

    1. Re:Reading sensitive information in public places? by ms1234 · · Score: 3, Insightful

      Does anyone else than me find it funny that when LCD screens were new people would bitch and moan about the angles from which the screen could be seen was bad and now when you have an almost 180 degree field of vision on the damn things people bitch and moan that others can see what's on their screens and are buying screen protectors?

  2. Auto-login anybody? by minuszero · · Score: 3, Insightful

    How many websites you use have a "log me in automatically" checkbox, ticked by default?

    Bet it's most.

    How many average users do you suppose won't bother/remember to uncheck it?

  3. Re:Man-In-The-Middle Attacks by Vellmont · · Score: 3, Insightful


    Maybe you don't know, but SSL is useless vs local sniffing because of things like ARP Poisoning etc.

    That's why SSL certificates are signed. As long as the certificate issuers are doing their jobs and only giving out signed certificates for www.myURLNameHere.com to the actual owner of www.myURLNameHere.com, and people actually don't complete transactions when a warning of a self-signed certificate comes up, you're fine. The cert issuers are pretty good (I haven't heard of any real problems). Some people do ignore cert warnings, but that's the risk they take. I know to take cert warnings seriously when entering in secure information, so the risks to me are minimal.

    --
    AccountKiller
  4. Not just the owner by grahamsz · · Score: 4, Insightful

    Anyone with a laptop on the same segment or WAP can run their own DHCP server. That way when you connect, there's a very good chance that they can send you connection details first.

    That way they can make themselves into the gateway and from there it's trivial to screw with your traffic.
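
Added example, not part of the comment above or of the original page: a Python check a defender could use to spot the situation grahamsz describes, by flagging any DHCP exchange in which more than one server answers the same request. The packet bytes are constructed sample data and the function names are this example's own.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie after the 236-byte BOOTP header

def ip(raw):
    """Dotted-quad string for a 4-byte option value, '-' if absent or short."""
    return ".".join(map(str, raw[:4])) if raw and len(raw) >= 4 else "-"

def parse_offer(pkt):
    """Return (xid, server_id, router) for a DHCPOFFER payload, else None."""
    if len(pkt) < 240 or pkt[0] != 2 or pkt[236:240] != MAGIC:
        return None                            # not a BOOTREPLY with DHCP options
    xid = struct.unpack("!I", pkt[4:8])[0]     # transaction id chosen by the client
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:      # 255 = end option
        if pkt[i] == 0:                        # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            return None                        # truncated option
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    if opts.get(53) != b"\x02" or 54 not in opts:  # 53 = message type, 2 = OFFER
        return None
    return xid, ip(opts[54]), ip(opts.get(3))  # 54 = server identifier, 3 = router

def competing_servers(packets):
    """Map xid -> sorted (server, router) pairs where >1 server answered."""
    seen = {}
    for pkt in packets:
        parsed = parse_offer(pkt)
        if parsed:
            seen.setdefault(parsed[0], set()).add(parsed[1:])
    return {x: sorted(v) for x, v in seen.items() if len({s for s, _ in v}) > 1}

def build_offer(xid, server, router):
    """Constructed sample data: a minimal DHCPOFFER payload, not captured traffic."""
    addr = lambda s: bytes(map(int, s.split(".")))
    hdr = struct.pack("!BBBBI", 2, 1, 6, 0, xid) + bytes(228)
    opts = b"\x35\x01\x02\x36\x04" + addr(server) + b"\x03\x04" + addr(router) + b"\xff"
    return hdr + MAGIC + opts

SAMPLE = [
    build_offer(0x1234ABCD, "192.0.2.1", "192.0.2.1"),    # first responder
    build_offer(0x1234ABCD, "192.0.2.77", "192.0.2.77"),  # second responder, same xid
    build_offer(0x0000BEEF, "192.0.2.1", "192.0.2.1"),    # single answer: not flagged
]
if __name__ == "__main__":
    print(competing_servers(SAMPLE))
```

Some networks legitimately run more than one DHCP server, so a hit is a prompt to look closer rather than proof of tampering.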

  5. Re:When used properly by asuffield · · Score: 4, Insightful

    It wouldn't be very difficult for a net cafe owner to set up an MIM attack and have their own self-signed certificate. Your browser *should* throw a warning

    Um, excuse me? All the workstations in the net cafe will have the cafe owner's CA certificate installed, which will validate all the MIM attack certificates for them (assuming that they didn't just have a modified version of Firefox installed that lied about the SSL status). SSL is completely and totally worthless when the attacker controls the workstation you are using.

    The only thing SSL does is to ensure that communication between two secure endpoints cannot be accessed by somebody who merely controls the channel between them. It cannot be of any use to you if your endpoint is not secure.
  6. Technically unaware on slashdot? by grrowl · · Score: 3, Insightful

    I wasn't aware the technically uninformed read "News for Nerds" Slashdot.

  7. Re:Just wondering... by fm6 · · Score: 3, Insightful

    Why this obsession with HTTPS?

    The same reason people buy car alarms that will be ignored when they go off, or guns that they don't have the training to use. People want some technological solution to their security problems. They don't want to go through the hassle of doing a real security strategy. The real purpose of most security technology is not to provide security, but to provide the feeling of security.