Slashdot Mirror

← Back to Stories (view on slashdot.org)

Web Surfing in Public Places Is A Way to Court Trouble

Posted by ryuzaki0 on from the just-a-gentle-reminder dept.

We had a story come in from the New York Times reminding people that web surfing in public places Is a way to court trouble. There's nothing in the story that is anything hugely new - but it does lead to an interesting question. What's the worst "on the road" security setups you've seen?

5 of 274 comments (clear)

  1. Public websurfing by SoVeryTired · · Score: 5, Informative
    Public websurfing is an inherently dangerous thing to do. If you don't believe me, check out the "security now" article on ARP cache poisoning.

    http://www.grc.com/nat/arp.htm

    It's the scariest thing I've seen since the last time I was tricked into clicking a link to Goatse.

    --
    Slashdot: news for Apple. Stuff that Apple.
  2. TFA is uninformed by Facekhan · · Score: 4, Informative
    These software programs are called packet sniffers and many can be downloaded free online. They are typically set up to capture passwords, credit card numbers and bank account information -- which is why Mr. Vamosi says shopping on the Web is not a great way to kill time during a flight delay.

    "Where I'd draw the line is putting in your bank account information or credit card number," he said, adding that checking e-mail messages probably is not that risky, but if you want to be cautious, change your password once you are on a secure connection again.


    When you shop on the web, nearly all online stores will be encrypting your credit card and other information needed to checkout. There may be some debate as to whether they implemented it properly and one should use caution but in general SSL is gonna have you covered. Checking your email, at least with a pop3 client is among the worst things you can do on an unsecured hotspot because far too many email services still don't use encryption for the password exchange. In addition very few email services pop3 or webmail encrypt the messages so basically if you are reading your email, so is someone else. Email is one of the few services that you can still expect to see someones password come up in plaintext. Even AIM doesn't do that anymore although the messages are in plaintext unless SecureIM has been turned on for you and the person you are chatting with.
  3. Virtual *Private* Network by NixLuver · · Score: 4, Informative

    It's not a VPN if it's not encrypted, it's just a tunnel. The Private is the important thing. A VPN is a system for creating secure private networks over 'unfriendly' or 'unsecured' networks.

    --
    Thinking outside my Head
  4. Re:Denver Airport by Crisavec · · Score: 5, Informative

    He wouldn't have seen/done much, as there is NO North Concourse at DIA. There's Terminal East and West(same building, different sides) and then Concourses A, B and C. Baggage is in the main Terminal.

  5. Consider the three basic VPN security methods by postbigbang · · Score: 4, Informative

    PPTP uses a hash. It's tough to crack, save very early editions, which were like wet paper.

    IPSec VPNs use a seed of some kind (they vary according to the implementation) or use a temporal key.

    SSL uses a nice scheme that's difficult to crunch.

    NONE OF THEM, however, protect against keyloggers and their variants. If you look at the wire or air with a sniffing device, however, you'll need to have cracked whatever encryption scheme has been implemented. IPSec with a TKIP/RADIUS-based authentication method is pretty tough to break.... unless you have a keylogger someplace or you can dictionary-attack weak stuff.

    --
    ---- Teach Peace. It's Cheaper Than War.