Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Problems of Web Surfing in Public Places

Posted by ryuzaki0 on from the whoareyou dept.

Krishna Dagli writes to mention a New York Times article about the dangers of public web surfing. The article looks at the sloppy habits people have when using public terminals, and the issues that using a wireless signal in a public place. From the article: "Michael Sellitto, a graduate student studying international security at Harvard, said that even though he encrypted any sensitive data on his laptop, he planned to sign up for a service like HotSpotVPN to add another level of security when he is traveling, especially when using poorly protected networks at cafes and hotels. 'The problem is, the really good people have written sniffer programs so that the less-sophisticated people have access to the same technology,' Mr. Sellitto said. 'Say a Microsoft Word document gets transmitted. The sniffer program will collect that and someone could open it up on their computer.'"

3 of 176 comments (clear)

  1. Reading sensitive information in public places? by SillyNickName4me · · Score: 4, Insightful

    Say a Microsoft Word document gets transmitted. The sniffer program will collect that and someone could open it up on their computer

    Yeah, but while in a public place, someone looking over your shoulder might be a more realistic worry.

  2. Not just the owner by grahamsz · · Score: 4, Insightful

    Anyone with a laptop on the same segment or WAP can run their own DHCP server. That way when you connect, there's a very good chance that they can send you connection details first.

    That way they can make themselves into the gateway and from there it's trivial to screw with your traffic.

  3. Re:When used properly by asuffield · · Score: 4, Insightful
    It wouldn't be very difficult for a net cafe owner to set up an MIM attack and have their own self-signed certificate. Your browser *should* throw a warning


    Um, excuse me? All the workstations in the net cafe will have the cafe owner's CA certificate installed, which will validate all the MIM attack certificates for them (assuming that they didn't just have a modified version of firefox installed that lied about the SSL status). SSL is completely and totally worthless when the attacker controls the workstation you are using.

    The only thing SSL does is to ensure that communication between two secure endpoints cannot be accessed by somebody who merely controls the channel between them. It cannot be of any use to you if your endpoint is not secure.