I was talking with a geek who’ll remain unnamed and he was telling me how easy it is for someone to sit at a Starbucks, slurp off the local WiFi, and recreate almost everything you do, often gaining passwords and private conversations. I saw this once at a conference where someone up on stage was showing the audience everything that was going over the WiFi networks. For instance, did you know that many common Instant Messengers send your information over WiFi in plain text? I could be sitting next to you watching EVERYTHING you are typing across the Internet.
So, what do you do to keep your stuff confidential? Any tips beyond this excellent article in Security Focus on this topic? By the way, both this article and my geek friend recommended Off-the-Record Messaging if you want to hold private IM conversations over public WiFi networks.
UPDATE: I had a post here about Browzar, but there are some concerns about it so I pulled that part of the post to protect people.
For the über-geek I’d recommend a VPN solution. Set up a VPN server back home and connect to that from Starbucks, and then surf via your own internet connection. Not as fast, but definitely more secure… 🙂
Actually all WiFi networks should use this technique, imo. It’s the only fairly secure way of surfing wirelessly today.
This looks like an interesting way to keep your IMs quiet, at least… http://www.hermann-uwe.de/blog/scatterchat-secure-anonymous-free-cross-platform-instant-messaging-client
One way without having to have a vpn setup at home:
http://www.hotspotvpn.com/
For Windows I use WinSSHD (server) and Tunnelier (client, free) from BitVise (http://www.bitvise.com/products.html). It’s a very simple SSH solution that nicely sets up the forwarding ports and also access to Terminal Services Client, etc.
For IM, it’s worth remembering that Skype traffic is encrypted – both voice and chat.
At some conferences there is also the misconception that if they provide a WEP key then the traffic is encrypted from everyone. Of course, it’s only encrypted from those who don’t know the WEP key.
Microsoft Office Communicator also encrypts all IM traffic (it was the first SEC sanctioned IM app for use in financial institutions). Of course that only works for organizations that have the infrastructure but it does work behind and across the firewall as well.
Useful article and links! VPN is a good solution but a lot of people don’t have somewhere to VPN to. My incoming provider provided SSL for incoming mail but they only provided SMTP when connected via their Internet connection (no good when at a wi-fi hotspot etc.). I now use AuthSMTP http://www.authsmtp.com – seems very good as it works when mobile and they can support SSL for outgoing (SMTP) mail and many other features. Hope it helps.
As someone who has shown rooms of conference-goers just how insecure wireless can be, I actually commissioned someone to write a book that details in exhaustive detail exactly how to secure your PC for just about any circumstance, and encourage people to check it out at:
http://www.connectsafely.com/
Remember, even if it’s not on-screen, you really have no idea what the otherwise innocuous looking folk in that cafe or Hotspot are doing behind the scenes as they tap into the same wifi connection you’re using…
So how does this affect those of us using gtalk or another Jabber implementation using SSL/TLS? I was also under the impression that MSN sent data over SSL – am I wrong? Are these guys breaking ssl?
Scoble, you’ve been in this business how long? and you’re just now having this epiphany?
I may recommend using HTTPS for web (a lot of websites offer this) and something like Simp ( http://secway.fr/us/products/all.php ) for IM.
I once saw a simple step-by-step guide on how to set up an SSH tunnel using your server back home (or any free shell account that allows ssh access, lonestar.org is one) and using PuTTY on the front-end on Digg … now where did it go …
Okay, here it is:
http://farhanahmed.net/blog/?p=253
Here is my set of tips,
1. Never, *ever*, attend DEFCON, where the Wall of Sheep is set up every year. Basically, any password or login captured on the conference’s WiFi network will be posted on the wall for all to see (they actually mask the passwords, but it is embarrassing to see joe@cisco.com up there!).
2. Use, as suggested, a VPN or SSH tunnel solution. If possible, if you use a hosting service for your email, choose one that features secure mailboxes.
3. If you are at a Starbucks, it may be safe to assume the T-Mobile hotspot you connect to is really T-Mobile’s…if in doubt, assume the hotspot is hostile. A purposefully-configured access point can become an automated man-in-the-middle attack machine, transparently redirecting your traffic through a scammer’s site. You would appear to be logging into your online banking, but instead, some guy in a basement is capturing all your data. Go to the Wi-Fi Alliance homepage, search for Evil Twin, and click on the ‘related FAQs’ link (shame on them for not providing a direct hyperlink!). There is some good general information there. Google also has a bunch of links to Evil Twins.
4. Install an antivirus and software firewall. When you connect to a WiFi hotspot, independently of whether WEP or WPA is enabled or not, you are connected on Layer 2 (except in some very specific, very expensive setups, which is not what is usually seen at public hotspots) – this means you are vulnerable to all sorts of attacks, including ARP spoofing and other nasty tricks.
5. Get an EVDO card 🙂
(OK, that last one was a punch below the belt…)
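A defensive check for the ARP spoofing risk raised in tip 4, as an added example that is not part of the comment above: it parses `arp -an`-style output and flags a default-gateway MAC that has changed since you joined the hotspot or that is shared with another host. The function names, the sample tables and every address in them are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed samples in `arp -an` output style; every address is made up.
# ARP_BEFORE: table captured right after joining the hotspot (the baseline).
ARP_BEFORE = """\
? (192.168.1.1) at 0:11:22:33:44:55 on en0 ifscope [ethernet]
? (192.168.1.23) at 66:77:88:99:aa:bb [ether] on wlan0
? (192.168.1.40) at <incomplete> on wlan0
? (192.168.1.255) at ff:ff:ff:ff:ff:ff [ether] on wlan0
"""
# ARP_AFTER: later capture in which the gateway IP resolves to a client's MAC.
ARP_AFTER = """\
? (192.168.1.1) at 66:77:88:99:aa:bb [ether] on wlan0
? (192.168.1.23) at 66:77:88:99:aa:bb [ether] on wlan0
? (192.168.1.57) at de:ad:be:ef:00:01 [ether] on wlan0
"""

_ENTRY = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)\s+at\s+"
    r"(?P<mac>[0-9a-fA-F]{1,2}(?::[0-9a-fA-F]{1,2}){5})(?![0-9a-fA-F:])"
)


def normalize_mac(mac):
    """Lower-case and zero-pad each octet (macOS prints 0:1b:... unpadded)."""
    return ":".join(octet.lower().zfill(2) for octet in mac.split(":"))


def parse_arp_table(text):
    """Return {ip: mac} for resolved unicast entries only."""
    table = {}
    for line in text.splitlines():
        match = _ENTRY.search(line)
        if not match:
            continue  # incomplete entries and header lines do not match
        mac = normalize_mac(match.group("mac"))
        if int(mac[:2], 16) & 1:
            continue  # group bit set: broadcast or multicast, not a host
        table[match.group("ip")] = mac
    return table


def check_arp(table, gateway_ip, baseline=None):
    """Return a list of (kind, detail) findings worth investigating.

    A shared MAC can be legitimate (one router holding several IPs, proxy
    ARP), so a finding is a reason to stop sending anything sensitive and
    look closer, not proof of an attack.
    """
    findings = []
    gw_mac = table.get(gateway_ip)
    if gw_mac is None:
        findings.append(("gateway-unresolved", gateway_ip))
    elif baseline and baseline.get(gateway_ip) not in (None, gw_mac):
        findings.append(
            ("gateway-mac-changed",
             f"{gateway_ip}: {baseline[gateway_ip]} -> {gw_mac}")
        )

    # Group IPs by MAC: an address answering for several IPs is the classic
    # symptom of someone impersonating the gateway on the local segment.
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac in sorted(by_mac):
        ips = sorted(by_mac[mac])
        if len(ips) > 1:
            kind = "gateway-mac-shared" if gateway_ip in ips else "mac-shared"
            findings.append((kind, f"{mac} claimed by {', '.join(ips)}"))
    return findings


if __name__ == "__main__":
    baseline = parse_arp_table(ARP_BEFORE)
    for kind, detail in check_arp(parse_arp_table(ARP_AFTER),
                                  "192.168.1.1", baseline):
        print(f"{kind}: {detail}")
```

On a real machine, feed it the output of `arp -an` taken when you first connect and again later; a VPN or SSH tunnel remains the actual protection, this only tells you when the segment looks tampered with.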
LayZ: I’ve known about this for years but I don’t see many geeks worrying about it. So thought it would be a good topic to bring up for discussion again.
Geeks may know this stuff but it will become increasingly relevant – here in UK the city of Norwich has just become the first location with a citywide free access wifi network set up by the council. I predict much cybercrime ensuing because regular people won’t know the risks.
Robert, glad to see this..there is a lot of misinformation out there. We built a company to solve these very things once and for all. http://www.witopia.net
Our SecureMyWiFi™ offers even a home user the corporate-grade security (WPA-ENTERPRISE..not wep, not wpa-personal/psk) and secure web management of their wi-fi network for $9.99 a year.
Our personalVPN™ encrypts all your data (IM, VoIP, e-mail, whatever) over any wireless or wired network as well as anonymizes your Identity on the Internet. It’s only $39.99 a year. It’s an SSL VPN backed up by security certificates. rock solid!
Both solutions are set up online, are the strongest security available, work with macs, PCs, Linux and are (as you can see) aggressively priced. we guarantee all our services unconditionally for 30 days after purchase.
Whenever I’m on a network that I don’t trust I proxy everything through my colo server. ssh with a whole bunch of “-L” arguments, Apache set up to proxy, all of my applications on my laptop(s) are set up to use local ports which talk through that ssh tunnel to the remote machine.
The only bad part is that I have to set my browser to not use the proxy while I log in to whatever authentication the coffee shop wants, then switch it back over to use the proxy.
But as long as I can get an ssh connection out of my laptop, the only thing sniffers on the network can see is that I’ve got traffic with my colo box.
It’s a bit harder to do on Windows than on Linux or Mac, but even there it’s not too bad to set up.
I think Starbucks is small potatoes compared to the free WiFi now offered by many hotels. In the past I’ve monitored the WiFi traffic and found that it was wide open and there could potentially be lots more people snooping on you. On the other hand, when they offer a wired Cat-5 connection I always use that and generally those conversations are isolated (presumably by being connected to a switch rather than a hub).
Regardless, better safe than sorry, and this is one reason why I tell people that they are better off using a web-based e-mail solution on the road. Always make sure that when doing bill-paying or e-mailing on the road that your URLs start with “https:” rather than “http:” and all your traffic should be encrypted. You can also get encrypted e-mail connections using POP servers etc, but it’s not nearly as easy to know for sure that that is working as you would like it to be.
No more, Scoble. No more.
wifi isn’t secure. The amount of effort you have to break wireless security is minimal. Like many others stated; IPSEC VPN, SSH, HTTPS.
Then again, the amount of people with the wits and the drive to break wireless security make the odds of _your_ wireless connection getting tapped pretty good.
If you really want private browsing Torpark (http://torpark.nfshost.com/) is the answer. But on a public computer (with, say, a nice keylogger installed) I still wouldn’t use it.
This ‘browzar’ seems rather dumb (the lame name doesn’t help); you can set pretty much any browser to not store anything these days. Or you could clear the history/etc. And yes, I know anything deleted from disk is still there until it gets overwritten. How many people know about that?
@14 Fair enough. I guess it’s your writing style. You seem flip flop between condescending and clueless.
Seeing as how I have already been called stupid in the Vista thread…. I have taken the attitude of a technical nudist. In the world of wifi I turn off all security, share all folders, and store all my banking info., IDs/Passwords in a text file labeled ID_Passwords_Fincial_Info.txt in my My Documents folder. Also I have named my machine RipMeOffPC so that when it appears on a network well…. you get the picture. 😉 Just as a nudist believes in full disclosure of themselves physically, I, as a technical nudist, provide full access to my digital assets in wifi land.
Okay I am tired after a long day and making stuff up but I could not resist.
Thanks for the links – but more importantly for raising this issue. I recently visited an internet cafe that boasted of what it offered, with no mention of basic security measures. It doesn’t even seem to be an issue for non-techies.
Thanks for the refresher Scoble. Nice plug for Browzar though. I don’t see what the big deal with this is. If you use Firefox (and other browsers probably), you can set it up to flush all private info when you close it. Do we really need another browser? Hell, they could have just made another extension for FF or added some code. That’s my $.02.
@16, That’s frikin’ tacky Bill-topia!
@yokimbo
ha. yeah..I know. Have my regrets about it. My only defense is that when you found a company to solve a problem (and continually see articles asking how to solve it) you tend to excitedly blurt out the answer. hey..at least i was open and honest about who I was and didn’t do some anonymous post.
plus, the question was asked what I use and I do use our services. 🙂 a wee bit spammy though now that I see it up in black and white..sorry if it proved offensive.
Can anyone recommend an easy-to-use SSH setup for Linux? I’ve got a Mandriva Linux running on a secondary box (I do very little or nothing with it most of the time) and wouldn’t mind at all setting it up to run SSH. I did set my main windows box up to run SSH and I set up a tunnel that way, but I never got it working on Linux. I think one of my problems was figuring out how to configure users for Linux SSH, but a full-on, easy-to-use SSH server setup guide for Linux would be super-helpful (and one for Mandriva extra-helpful). So far I haven’t been able to find one.
Yeah, it’s called OpenSSH (sshd).
do any of you run a browser appliance in vmwareplayer ?
http://www.vmware.com/vmtn/appliances/directory/browserapp.html
“I was talking with a geek who’ll remain unnamed and he was telling me how easy it is for someone to sit at a Starbucks, slurp off the local WiFi, and recreate almost everything you do”
You mean, like Wireshark, tcpdump/tcpreplay, dsniff, ettercap, Cain and Abel, kismet, and ngrep? What about vulnerability scanners, like Nessus, Retina, and Sara? What about netcat, Hping2, nmap, and Metasploit?
I really love how Scoble thinks he knows something we don’t. Really, Scoble? You can be attacked at a PUBLIC WIFI spot? You don’t say!
Seriously, you’re a joke, Scoble. Go back to your Web 2.0.
I took a brief look at Browzar, and it is incomplete in its promises.
Rousingly good stuff here. I think that I’m beginning to get the post-MS blog strategy…blog about whatever is at the top of TechMeme in order to boost pagerank.
Seems like it anyway
Booger
Scott Hanselman posted an article on Browzar. Looks like it didn’t work quite as intended.
http://www.hanselman.com/blog/ANewPrivateBrowserIMeanBrowzarDoesNotWorkAsAdvertised.aspx
And if you read the comments there, you’ll find some caveats to Browzar and a few alternatives.
Thanks Scoble,
Having someone with a lot of blog traffic post a how-do-we-do-this type question is helpful. There’s lots of HOWTOs out there on securing wifi, and most of the good ones have steps like “setup an SSH server” with the assumption that you’ll already know how to do that. This kind of post tends to attract more user-level advice.
Oh, and all you haters? L33t dudes, if you think only the ubergeeks read scoble, you are wrong. Does everybody know that wifi isn’t that secure? Yeah, but we don’t all fully understand by how much.
Remember this: a good part of his reading audience is what used to be called “power users” back in the day. You know, people who figured out how to do stuff with command line DOS when their bosses were terrified of computers. People who hacked wacky excel macros to manipulate data because there were NO free-as-in-beer software environments with pretty highlighting.
Power users aren’t dumb, they are just _not experts_. Why the *&%# should they be?
Reality check here:
Most users, even most power users don’t have a good mental model of how security across a network works. Why?
1. Because of the craptastic OS that most of us use hides what really goes on.
2. Because the explanations commonly used are oversimplified and inaccurate.
3. Because the people who do know usually can’t be bothered to explain in a human-readable way.
4. Because 60% of what we learn is secure this year is cracked the next.
5. Vendors.
Oh, you want me to talk about vendors? Heh. I mean, we’ve been sending plaintext email for 30 years, and when have you seen a webmail provider or a mail client that had pgp enabled by default? I’m not talking about hushmail, I’m asking what about _Yahoo_? What about Outlook Express? Vendors suck at this stuff. Not because they don’t have the engineering chops, but because they are…
…er… I don’t know why, actually. Ethically challenged?
Okay, here’s a moral challenge, all you Web 2.0 ers – what have you done today to give your _customers_ more security?
-r.
LayZ:
“You seem flip flop between condescending and clueless.”
As opposed to LayZ, who seems consistent at both!! 😀
Might want to check out Hamachi. It’s a program that allows you to arrange multiple computers into their own secure network just as if they were connected by a physical network cable.
http://www.hamachi.cc/
Versions for Windows, Mac and Linux.
People interested in security may want to listen to Security Now! podcast
http://www.grc.com/securitynow.htm
Hamachi is great for gamers and for connecting multiple computers in a WAN as if they were on the same LAN. Very neat stuff but it’s not a good choice for wifi security. The two companies mentioned previously, http://www.witopia.net and http://www.hotspotvpn.com, specialize in this and are both good choices. witopia is a lot cheaper for their open vpn-based SSL vpn, which is the same technology hotspotvpn uses for their hsvpn 2, but hotspotvpn offers monthly plans while you have to pay for a year of service with witopia. hsvpn offers a PPTP solution too (which I personally wouldn’t recommend as it’s much weaker security) for a lower price though. witopia also offers a hosted radius solution for protecting your wlan with 802.1x/wpa-enterprise as does boxedwireless.com. wpa-enterprise is much stronger than other means of wifi security but mostly used by businesses. might be overkill for a home user unless you’re quite serious (paranoid?) about security.
IM is, by nature, open. Basically, there are no foolproof tricks to make IM private, unless the product is designed for that from the ground up. But then it’s not open to all, only authenticated users. IBM makes a product called Sametime that does IM and more, securely – it’s used by several branches of the military. We use that in-house at IBM.
I can secure IM with 256-bit AES encryption…using SSH Dynamic Port Forwarding. It’s not that difficult. Plus, you can still use your favorite client, like Gaim.
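The comment above mentions SSH dynamic port forwarding. As an added example (not part of the original thread), this script prints an `ssh -D` command that binds the SOCKS proxy to loopback only, and classifies `ss -ltn` style output to confirm the proxy is not reachable by other machines on the hotspot. The host name, port 1080 and the sample `ss` lines are constructed placeholders.

```shell
#!/bin/sh
# Added example; host, user and port are placeholders, not values from the thread.
SOCKS_PORT=1080

# Print the ssh command for a loopback-only SOCKS proxy.
#   -N                            tunnel only, no remote command
#   -D 127.0.0.1:PORT             dynamic (SOCKS) forward bound to loopback
#   -c aes256-ctr                 request a 256-bit AES cipher
#   -o ExitOnForwardFailure=yes   abort if the local listener cannot be opened
tunnel_cmd() {
    printf 'ssh -N -D 127.0.0.1:%s -c aes256-ctr -o ExitOnForwardFailure=yes %s\n' \
        "$SOCKS_PORT" "$1"
}

# Read `ss -ltn` style lines on stdin and report where the given port listens.
# Prints "loopback", "exposed" (bound to a non-loopback address) or "absent".
listener_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")          # last field after ":" is the port
            p = parts[n]
            addr = substr($4, 1, length($4) - length(p) - 1)
            if (p != port) next
            found = 1
            if (addr != "127.0.0.1" && addr != "[::1]") exposed = 1
        }
        END { print (!found ? "absent" : (exposed ? "exposed" : "loopback")) }'
}

# Constructed sample output: a correctly bound tunnel ...
SAMPLE_GOOD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 127.0.0.1:1080 0.0.0.0:*
LISTEN 0 128 [::1]:1080 [::]:*'
# ... and one bound to every interface, usable by anyone on the same WiFi.
SAMPLE_BAD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:1080 0.0.0.0:*'

tunnel_cmd user@ssh.example.net
printf 'good sample: %s\n' "$(printf '%s\n' "$SAMPLE_GOOD" | listener_scope "$SOCKS_PORT")"
printf 'bad sample:  %s\n' "$(printf '%s\n' "$SAMPLE_BAD" | listener_scope "$SOCKS_PORT")"
```

With the tunnel up, the IM client is pointed at a SOCKS 5 proxy on 127.0.0.1:1080. The encryption covers only the hop between the laptop and the SSH server; traffic from that server onward to the IM service is unchanged.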
Cody..you have skills and what you’re saying is correct, but many people don’t have your technical prowess or desire/time to set that up. Or, if you were just responding to Brian from IBM..I agree. Brian, if you have the military believing that, I need to buy some IBM stock. 🙂
With a “VPN service” (where they’ve already set up the servers, bandwidth, ordering method, and support) anyone can protect their data and identity over any network (hotspot, office, hotel) as well as have secure IM and secure file-sharing. If you want it secured end to end, you just need to both be using the same VPN service and initiate a direct connection if your IM provider isn’t peer to peer. On AIM, it’s an option called direct connect.
The other advantage with hotspotvpn is that it can be used with a pda e.g. my Axim x51v
I would also recommend the security podcasts at http://www.grc.com/securitynow.htm.
Regards from Cornwall
Phil
This free VPN client looks really compelling. It’s based on OpenVPN and the server seems to have reasonable bandwidth. It would be helpful if someone more technical could review it.
http://www.anchorfree.com/hotspot-shield/
Jay
Yah, the folks commenting about VPN being a secure way to safeguard your wifi connection are right. Sites like http://nationwidevpn.com might be helpful when you want to secure your own network.
T1 Buyer’s Guide
I’m using a VPN account from another personal VPN service called VPN Privacy (http://vpnprivacy.com) to protect myself when working at public Wi-Fi zones. It’s faster and more reliable than hotspotvpn for me.