Problems? See this thread at archive.org.
Hi! Just bought a notebook with wireless integrated.I first went with it at the public library.They offer Internet wi-fi but their network is unsecure.If I use my notebook there and get to my e-mail account,is there a risk to see my password stolen?And if yes,is there anything one can do other than(I have the XP firewall,Norton anti-virus)at the notebook end to prevent thief(encryption???)The same thing happen this morning.I'm now on a trip in my RV and while park on the street,did switch it "on" to discover there was 6 wireless network available,2 of which where unsecure(so available for me).I'm I right to think that there is no safe way to use that for e-mails and maybe even worst that when you're connected to an unsecure network,you're vulnerable to see spyware install in your notebook or worst...they can steal stuff from your hard-drive?Thanks.
-
-
Well there is always that chance that some one can hack into your stuff, but now a days, sites use SSL which in other words, is protection in most areas. Like it covers email, passwords, and important entrys. If you use a firefox browser, the address bar is orange, if you use IE, i dont know where it says but it will say on that page SSL. That is really really odd that a library is unsecured. That sounds pretty strange.
Has for hacking into your harddrive, you have to be on a network and in this case, your ip address has to be right so another computer and see you. Also it has to be in whats called a work group so thats not a chance either.
BTW: Dont use networks that your not sure of, i assume really you used one of those networks since your in your camper and that is a really really bad idea. Never use anyone elses network because it is more dangerous, and its stealing. Im not saying you did but dont do it. -
Thanks for the answer.So you think it's safe to use the unsecure public library network to send e-mails ...as long as SSL show up somewhere on the screen?
By the way,I guess the library doesn't have much choice...if they want everybody to have access to it...it can't be secure unless they would provide the password somewhere for everybody to see which would be no better than being unsecure...right? -
With MSIE, the two ways to tell that a site is using SSL (which means it's encrypted) are the "https" at the start of the address (rather than the more common "http") and the little yellow lock icon in the lower right portion of the window. I prefer Firefox for a variety of reasons, including that it's easier to tell the site is secure because of the colored address bar. But, MSIE is OK, too.
-
Yeah i believe thats only with firefox and not IE and Lesl, you should use firefox, it is much safer than ie.
I also had thoughts on the security to on the same thing you said. -
I Just found this Jeezz! so many acronyms.
Is my data and e-mail secure at a Wi-Fi-FreeSpot?
You should never conduct unsecured transactions that include any account or password information over public hotspots using FTP, email, or the Web. Try to use SSL for email (POP and SMTP), or read your email with a Web browser using an SSL connection. Ask your ISP if they offer SSL secure web-based email.
Glenn Fleishman, author of the book The Wireless Networking Starter Kit, sums it up thusly, " When data leaves your computer, if it's not on an encrypted link, anyone can read everything you send and receive."
Here's what the Wi-Fi Alliance says:
Wireless networks in public areas and "HotSpots" like Internet cafes may not provide any security. Although some service providers do provide this with their custom software, many HotSpots leave all security turned off to make it easier to access and get on the network in the first place. If security is important to you the best way to achieve this when you are connecting back to your office is to use a VPN (Virtual Private Network). If you do not have access to a VPN and security is important, you may want to limit your wireless network use in these areas to non-critical e-mail and basic Internet surfing.
Also found that...again,full of acronyms.
HTTPS (Hypertext Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a Web protocol developed by Netscape and built into its browser that encrypts and decrypts user page requests as well as the pages that are returned by the Web server. HTTPS is really just the use of Netscape's Secure Socket Layer (SSL) as a sublayer under its regular HTTP application layering. (HTTPS uses port 443 instead of HTTP port 80 in its interactions with the lower layer, TCP/IP.) SSL uses a 40-bit key size for the RC4 stream encryption algorithm, which is considered an adequate degree of encryption for commercial exchange.
Suppose you use a Netscape browser to visit a Web site to view their online catalog. When you're ready to order, you will be given a Web page order form with a Uniform Resource Locator (URL) that starts with https://. When you click "Send," to send the page back to the catalog retailer, your browser's HTTPS layer will encrypt it. The acknowledgement you receive from the server will also travel in encrypted form, arrive with an https:// URL, and be decrypted for you by your browser's HTTPS sublayer.
HTTPS and SSL support the use of X.509 digital certificates from the server so that, if necessary, a user can authenticate the sender. SSL is an open, nonproprietary protocol that Netscape has proposed as a standard to the World Wide Consortium (W3C). HTTPS is not to be confused with S-HTTP, a security-enhanced version of HTTP developed and proposed as a standard by EIT. -
Ooops! I forgot to mention.I've been using computers for...maybe 8 years but that notebook is my vey first own.Never had a computer user manual in the past so many,many things that peoples do all the time..I never did since using public computers all those years..to arrive to the question,is Mozilla a free browser ?And since I can't use my notebook with a secure network,if Mozilla is free can I download it here on a CD in a public computer and then pop the CD in my notebook and then install it...in the notebook?Thanks.
P.S.Firefox and Mozilla are the same thing...right? -
Last...I guess the " https:" thing is something that only shows when...you're on a wireless network...right?
-
Mozilla and Firefox are both free and can be downloaded at www.mozilla.org. They'll both run on your notebook. They are not the same thing. Mozilla is a suite of programs that includes a browser, e-mail client, and other goodies. Firefox is only a browser, but it's their latest and greatest. Go to the site and poke around.
If you're running Windows, you already have the Internet Explorer browser. You can use that to download Firefox without having to download it at the library and burn a CD. But, if you really want to burn the CD, you should be able to load it onto your notebook that way. -
Nope. The "https" will show up no matter how you're connected. It indicates the presence of a server that can handle a secure connection. We're just focusing on it in this thread because it's even more important to have a secure connection to the server when you're transmitting private info (e.g., passwords, bank info, etc.) over a wireless connection because it's much easier to tap into a wireless connection than a wired connection.
-
Thanks Eutychus! I wonder how that "https" ever show up.If you go to yahoo, and then go to your e-mail account and then send a message so nowhere is the "http" ever changing to "https" so that means that my e-mail has never been encrypted...right?and first of all,when you go to yahoo and the "http"(only) is there first that means thta when you type your password then...anybody can get it..maybe I'm totally wrong?
Maybe that "https" thing is only available when your dealing with money,eBay,Paypal stuff???
When you go to Google and type in: https:// and then click on the first link they provided then, you get right through...the Paypal site.
Last,I've try to type in the browser bar https://www.yahoo.com ...never got anywhere but at a http URL -
Well...I now have firefox and I'm now at the university.They have 3 wireless networks available.Only one is unsecure so,I hook up to it and...BINGO! The browser bar is orange and the URL start by "https" .So,did try the same with IE and the URL also start with "https" and there's that little paddlock at the right end of the browser bar but...all this came...without asking and real don't know what knind of URL I would get if I would try to go to Yahoo to check my e-mails
You will say: "just try it man!" Well... that network is unsecure but to use it... you have to provide your student or staff ID and I don't have either :-( -
You can't force a secure connection by typing "https", although that would certainly be nice. If the server offers a secure connection, it will show up. Otherwise, it won't. I usually just start with "www" and let the server tell me if it's secure or not. Some will start with an unsecure connection and then give you the option of going to a secure one.
If Yahoo doesn't show "https" and the lock icon, then the connection is not secure. I don't use Yahoo e-mail, so I can't speak from experience. But, any insecure connection means that whatever you send/receive (passwords, text, credit card numbers, etc.) can be read by anyone who knows how to intercept the data.
You need to decide what risks you're willing to take. Personally, I wouldn't use any e-mail service that isn't secure. And, there's no way I'd do anything online with a financial institution that doesn't offer a secure connection, regardless of whether it's wired or wireless. Fortunately, most financial institutions have secure connections. But, unfortunately, not all e-mail services do. -
It sounds like you're saying that the network you're using allows you to access it by entering your ID. Is that correct? If so, and if there's no security (WEP or WPA) on the network, then anyone can see your ID. Is that important? If they are dumb enough to use your Social Security Number as your ID, that's a HUGE problem. If they use some other number, it's up to you. How private is that ID number supposed to be?
If you do use that unsecure network and access a secure site (https), then your data will be encrypted even though the wireless network is not secure. That means no one can read what you send/receive. But, your computer might be vulnerable to some kinds of attacks. I wouldn't be too quick to join an unsecure network unless I really knew what I was doing with firewalls, file sharing, and such. Let me encourage you to find out how to access your university's secure networks and just use those. It's better to be safe than sorry. -
Thanks Eutychus! Do you know of any free e-mail provider that offer secure services?
Next,you're correct...to use their unsecure network,you have to provide an ID and the ID they ask at the University is your student ID,the same ID you use for using their e-mail service.So,you type the ID and then the password.When you hook up to their unsecure network,you're on a https URL so your ID and password will be encrypted.A student ID is the name of the student,followed by umail.ucsb.edu
Thinking of it...what is an unsecure network??? because that one is protected since only student and staff can get an ID to use it and second,it's protected in the sense that their URL start with https which means(if I understand everything well) that all you will type will be encrypted so,in a way,isn't it a secure network???
I wonder if their e-mail service is encrypted but why to bother,since I can't get a student or staff ID.
But again...when you hook up to a secure network,what is secure is the access,in the sense that a limited amount a persons have access to it but after that...the security is gone.I mean,it's not because you hook up to a secure network that your Yahoo e-mail account,password and messages you will send will be secure.Everybody who has the same access to that secure network could intercept your password and messages...right?
Now...I think I was wrong in the last paragrah since I found this:---WEP aims to provide security by encrypting data over radio waves so that it is protected as it is transmitted from one end point to another. However, it has been found that WEP is not as secure as once believed. WEP is used at the two lowest layers of the OSI model - the data link and physical layers; it therefore does not offer end-to-end security.
Knowing this now then,the unsecure University network is really an unsecure one,even though you have to use an ID to get access to it.I wonder now why the public library doesn't offer a WEP network.Maybe a matter of cost? -
Gmail has a secure logon, and it's free.
There are several levels of security to consider:
1) The connection between your computer and the router. If it's wired, it's pretty secure since a hacker would have to be physically attached to the router to be able to see what you're doing. But, most traffic over a wired network is not encyrpted between the computer and server, so it is possible for someone to see it if they are attached to the router. With a wireless connection, it's easier for a hacker to gain access to the network, so it's even more important to encrypt the data between the computer and server. If it is encrypted, a case could be made that it's actually more secure than a wired network without encryption. Note to those prone to argue: I know that there are arguments on both sides of this issue. But, my point is that some would argue that a properly encrypted wireless network can, in some cases, be more secure than an unencrypted wired network.
So, if you're on a wireless network, you definitely want encryption between your computer and the router. The two types commonly used are WEP and WPA. WPA is better. To use either you need to get a "key"(kind of like a password, but not the password you might normally think of) from the system administrator. If you don't have a key, you can't use the network. And, if you can use the network without a key, then it's not encrypted.
2) The connection between your computer and the server (e.g., the big computer at your bank). This is where the https stuff comes in. If that's encrypted (with https it is), then the connection is secure. In that case, even if your wireless connection is not encrypted, no one can see your password, bank account number, etc. But, you're still open to other dangers.
3) Other people on your network. You don't always know who's on the same network and how friendly they might be. So, whenever you are connected to someone else's network, you have to consider what kind of access they might gain to your computer. If file sharing is enabled on your computer, they might be able to do all sorts of nasty things. Passwords for file sharing are helpful (but not easily available on XP Home . . . see below for a caveat). A software firewall is also helpful (I'd say it's essential when you're on someone else's network). If you're on your own home network, and it has WPA (or perhaps WEP) security, then you don't have to worry too much about other people (unless you have real family problems). But, in a school environment you should definitely be careful. Students love to hack.
4) The ID/password situation you refer to isn't really an encryption issue, it's an access issue. The school is controlling who can access the network, but not necessarily encrypting the data. So, while an ID/password to access the network does provide some level of "security," that's not really the issue. Don't rely on that to protect your data. The school is just protecting its bandwidth.
A few other comments:
If the network at your school doesn't require a key, then it's not encrypted. While no one can read your banking info or e-mail if https is used, they still might be able to see other data you transmit/receive. And, whether or not the data is encrypted, they might be able to gain access to your computer.
For those who wonder about my comment about the possibility of password protection for XP Home file sharing: Yes, it's possible in a limited way. Since XP Home uses the Guest account for file sharing access, if you password protect the Guest account, your file sharing is password protected. You have to poke around a bit to password protect the Guest account, but it's not too hard to do (a google search will tell you how). The limitation is that it's only one password for the entire machine. You can't protect some individual files or directories and leave others open, and you can't have different passwords for different files/directories. But, it can be better than nothing for some people. It's also possible to have some level of XP Pro-like file access control with XP Home, but only for users on the same machine. It doesn't work across the network. This is a bit harder to do, but it is possible. A google search and a lot of patience can make it possible. Microsoft doesn't advertize it, but it can be done to some extent. -
Thanks again
Eutychus
! I'm starting to see a bit into that ocean of mud
.As for g-mail,isn't it still offered only to certain guess?
Just found out that now,they are at the stage that you can subscribe if your invited by a friend already using G-mail or,by subscibing with a mobile phone but in both cases...you have to live in the U.S.. -
Well...I now have a Gmail account and for sure,if I use the Mozilla browser,when I login,I can see the brower's bar turns orange but after the login is made...that bar turns back to white so... is that means that now,all I type as a message,is not secure (encrypted) anymore?
wireless danger
Discussion in 'Networking and Wireless' started by Lesl, Nov 16, 2005.
