Reply
 
Thread Tools Display Modes
 
Old 11-19-2013, 03:35 PM   #1
Platinum Member
 
Join Date: Aug 2010
Location: Minnesota
Posts: 7,765
Default Wifi security story on news

This story appeared on the local news last night. Bottom line seems to be that if you are on wifi, no matter what kind, or where, secured or not, you are vulnerable to losing you personal information depending on how the institution you are dealing with handles encryption. Kind of scary if this is more than a news scare story.

This would imply that the way we use our traveling internet connection would not be adequate for doing our banking and other financial or personal data stuff, as we use a wifi hotspot to the laptop. I just tested, and we can hardwire tether the Galaxy tab hotspot to the laptop for the 4G connection, so I think we will start doing that instead of using the wireless hotspot option. That will also save some battery life, I think.

http://kstp.com/news/stories/S3221829.shtml
__________________

booster is online now   Reply With Quote
Old 11-19-2013, 04:42 PM   #2
Platinum Member
 
Davydd's Avatar
 
Join Date: Aug 2007
Location: Minnesota
Posts: 4,559
Default Re: Wifi security story on news

Kind of disturbing. They didn't name the product used but showed it and gave plenty of hints that I am sure anyone could Google and figure it out. I feel safe at home on wifi being way off the road and beyond reasonable signal interception. Also on the road we use cellular with our iPad and iPhones.

They wouldn't name the financial institutions that failed but I am assuming they must have tested the ones in the Twin Cities. I'd like to find out. When I scroll over the lock on my bank, online broker and two credit cards I access online I get three different verifying companies used.

Google gmail passed. I'll have to check how they verify.
__________________

__________________
Davydd
2015 Advanced RV Ocean One Mercedes Benz Sprinter
Previous Class Bs:
2011 Great West Van Legend Sprinter
2005 Pleasure-way Plateau TS Sprinter
Davydd is offline   Reply With Quote
Old 11-19-2013, 07:13 PM   #3
Platinum Member
 
Join Date: Aug 2010
Location: Minnesota
Posts: 7,765
Default Re: Wifi security story on news

Quote:
Originally Posted by Davydd
Kind of disturbing. They didn't name the product used but showed it and gave plenty of hints that I am sure anyone could Google and figure it out. I feel safe at home on wifi being way off the road and beyond reasonable signal interception. Also on the road we use cellular with our iPad and iPhones.

They wouldn't name the financial institutions that failed but I am assuming they must have tested the ones in the Twin Cities. I'd like to find out. When I scroll over the lock on my bank, online broker and two credit cards I access online I get three different verifying companies used.

Google gmail passed. I'll have to check how they verify.
We use cellular while on the road also, but usually use the tablet as a hotspot for the laptop, so it would be vulnerable to that kind of hack. If you tether directly with a usb tether to the laptop, you should be OK though cellular, or if you do the connection directly from the tablet or phone.
booster is online now   Reply With Quote
Old 11-19-2013, 08:56 PM   #4
Platinum Member
 
Davydd's Avatar
 
Join Date: Aug 2007
Location: Minnesota
Posts: 4,559
Default Re: Wifi security story on news

Even though I take my laptop with me on the road, I rarely use it other than to backup photos. The iPad is good enough for the limited stuff I need to do as I spend way less time on computers on the road. 4G and LTE cellular are generally faster than campground wifi anyway.
__________________
Davydd
2015 Advanced RV Ocean One Mercedes Benz Sprinter
Previous Class Bs:
2011 Great West Van Legend Sprinter
2005 Pleasure-way Plateau TS Sprinter
Davydd is offline   Reply With Quote
Old 11-19-2013, 09:12 PM   #5
Platinum Member
 
Join Date: Sep 2012
Posts: 973
Default Re: Wifi security story on news

I use Wi-fi fairly often (mainly to save bandwidth charges), but when I do, I use a VPN (virtual private network) that does encrypted tunneling. This is both for security (since all my traffic is then sent to the remote site encrypted) as well as privacy (I don't want some local hacker with access to the Wi-Fi router knowing everything about me.) If the hacker tries to redirect all my traffic through their servers, it still won't gain them anything.

For my stuff, I've found that LTE and 4G are good enough, and almost always better than any Wi-Fi other than my home connection. In fact, were it not for the fact that bandwidth used is so expensive, I'd just not bother with Wi-Fi whatsoever and stick with LTE.

When using a laptop, I tether through Bluetooth or a direct connection. This way, a wardriver doesn't see anything compromisable. Plus, in RV parks, there are so many people using Mi-Fi adapters, the whole spectrum can get crowded pretty quickly.
mlts22 is offline   Reply With Quote
Old 11-19-2013, 09:38 PM   #6
Platinum Member
 
Join Date: Aug 2010
Location: Minnesota
Posts: 7,765
Default Re: Wifi security story on news

Quote:
Originally Posted by mlts22
I use Wi-fi fairly often (mainly to save bandwidth charges), but when I do, I use a VPN (virtual private network) that does encrypted tunneling. This is both for security (since all my traffic is then sent to the remote site encrypted) as well as privacy (I don't want some local hacker with access to the Wi-Fi router knowing everything about me.) If the hacker tries to redirect all my traffic through their servers, it still won't gain them anything.

For my stuff, I've found that LTE and 4G are good enough, and almost always better than any Wi-Fi other than my home connection. In fact, were it not for the fact that bandwidth used is so expensive, I'd just not bother with Wi-Fi whatsoever and stick with LTE.

When using a laptop, I tether through Bluetooth or a direct connection. This way, a wardriver doesn't see anything compromisable. Plus, in RV parks, there are so many people using Mi-Fi adapters, the whole spectrum can get crowded pretty quickly.
With the VPN, is the data sent over the wifi to be sent? The story claimed that the device they showed would intercept an encrypted wifi signal and strip the encryption off of it. The problems start when the destination you are dealing with accepts the unencrypted signal I assume the VPN site wouldn't accept the signal?
booster is online now   Reply With Quote
Old 11-19-2013, 09:40 PM   #7
Platinum Member
 
Join Date: Aug 2010
Location: Minnesota
Posts: 7,765
Default Re: Wifi security story on news

Quote:
Originally Posted by Davydd
Even though I take my laptop with me on the road, I rarely use it other than to backup photos. The iPad is good enough for the limited stuff I need to do as I spend way less time on computers on the road. 4G and LTE cellular are generally faster than campground wifi anyway.
In the past, you have stated that you put a data plan on only one of the devices, to save the across the board data changes on all the devices, and then use it as a hotspot, for the other devices. If you are still doing that, you are using a wifi signal that could be compromised, according to the story.
booster is online now   Reply With Quote
Old 11-19-2013, 09:46 PM   #8
Platinum Member
 
Join Date: Sep 2012
Posts: 973
Default Re: Wifi security story on news

It depends on the device. If I'm using PDANet and have the device with LTE plugged directly in, no wireless signal between the devices is going on. BlueTooth is similar, because of its short range. However, if I flip on normal tethering, most devices have an extremely short default password and are easily cracked into.
mlts22 is offline   Reply With Quote
Old 11-19-2013, 10:16 PM   #9
Platinum Member
 
Davydd's Avatar
 
Join Date: Aug 2007
Location: Minnesota
Posts: 4,559
Default Re: Wifi security story on news

I don't do any hotspotting or tethering on the road but do have multiple devices with Verizon and ATT data to pretty much have coverage just about anywhere but the remotest spots. I have apps on the iPhone for my credit cards, bank and online brokerage to easily do anything. Other than that I might read message boards and also have easy to use apps for Twitter and Facebook where I can post a travel report message and photo a lot easier than to a message board. Then there are the many apps dedicated to finding campsites, coffee, Walmart and such, and the GPS map apps. For news I'd rather use the many dedicated news apps quickly rather than an Internet browser. Other than looking stuff up and reading email on cellular underway I spend very little time on the Internet.
__________________
Davydd
2015 Advanced RV Ocean One Mercedes Benz Sprinter
Previous Class Bs:
2011 Great West Van Legend Sprinter
2005 Pleasure-way Plateau TS Sprinter
Davydd is offline   Reply With Quote
Old 11-22-2013, 04:07 AM   #10
Platinum Member
 
Mike's Avatar
 
Join Date: Aug 2008
Location: Sarnialabad, The Newly Elected People's Republic of Canuckistan
Posts: 3,215
Default Re: Wifi security story on news

OK, I'll play the skeptic. We've had these discussions before on here and on Yahoo, and I think we agreed to disagree, since we couldn't come to a definitive yea or nay on how safe is public wifi usage on the road. Everyone has to stay within their own comfort level when using it, I guess?
There were an awful lot of unstated variables in their "testing" process that might affect the outcomes that were reported. For example, how tech savvy was the reporter? Was he using the HTTPS versions of signing into the various websites, or was he using the default HTTP version (most free email clients like Gmail, Hotmail, Ymail, require the user to choose/set one or the other manually)? There are lots of wifi capable packet sniffing software packages available with variable pricing and capabilities. Why did they appear to use a black box, when most laptops have enough range to capture wifi traffic without any extra hardware (I googled wifi packet sniffing black boxes and came up with nowt, but found plenty of software available - admittedly, my googling isn't always perfect, so there may be black boxes out there, but I couldn't find them). The guy doing the "testing" left one computer forensics company and started his own company a few years ago. What better way to get some free publicity than to suggest something sensational like this? The follow up newscast results will be interesting to see, if they actually do follow up on this, or just suggest that the companies in "non-compliance" resolved their problems to the satisfaction of the reporter and the forensics expert, and leave it at that. I believe they all stated their data security was fine, when challenged? Is the reporter just assuming the forensics guy was a guru and accepted his evaluation at face value? No second opinion to corroborate before going to air bothers me.
I always use HTTPS when logging into email or online banking when on public wifi. My browser always uses security certificate verification, and I try to use bookmarks to get to my preferred sensitive websites, to avoid misspelling website names (knowing that my typos on here are many and legendary).
At home, the router and our laptops are secured and data is encrypted using the best firmware and software options available on them.
Knock on wood, we have never had a problem.
__________________
It's not a sprint(er) (unless you make it one), it's (hopefully) a marathon.
RV - 2018 Navion 24V + 2016 Wrangler JKU
Mike is offline   Reply With Quote
Old 11-22-2013, 04:25 AM   #11
Platinum Member
 
Join Date: Sep 2012
Posts: 973
Default Re: Wifi security story on news

If someone doesn't use HTTPS, a utility like FireSheep could easily wreak havoc on things. However, more sites are slowly wising up to how easily it is for traffic to be attacked, and are using HTTPS for everything.

I know in the past, there was a British ISP that used a special appliance called Phorm which would intercept all HTTP traffic, and add ads to it. This is one reason a lot of sites started encrypting their links.

The reason why I use a VPN on Wi-Fi networks is that it isn't that big a step in preventing security threats... but all my Internet traffic is now protected, not just the Web page content. This way, someone with WireShark running wouldn't be able to gather a list of sites I'm using for potential hacking or social engineering later. I remember one person caught by the local PD would see the usernames people would log on as, and then just spam their accounts with bogus passwords which caused the account providers to lock the accounts. A denial of service attack since most places will deny access completely to an account after 3-5 wrong passwords, or prompt the user to enter in recovery questions.
mlts22 is offline   Reply With Quote
Old 11-22-2013, 04:41 AM   #12
Platinum Member
 
Davydd's Avatar
 
Join Date: Aug 2007
Location: Minnesota
Posts: 4,559
Default Re: Wifi security story on news

If you follow the trail from the first link posted you'll find at least two more broadcasts with more information. It did seem a little vague in what they were doing but still some major companies were loose in security and that box being used was intercepting names and passwords via hardware concealed in something like a Kleenex box. The last Starbucks I stopped in out of curiosity I counted the laptops in use and there were 11 (7 Mac/4 PC) of them. It would seem such a place would be ripe for picking by someone unscrupulous. Keep in mind skeptics, not everyone is astute and sophisticated to notice if a site is http or https. But then again I don't read a lot about horror stories online of people being intercepted.
__________________
Davydd
2015 Advanced RV Ocean One Mercedes Benz Sprinter
Previous Class Bs:
2011 Great West Van Legend Sprinter
2005 Pleasure-way Plateau TS Sprinter
Davydd is offline   Reply With Quote
Old 11-22-2013, 05:04 AM   #13
Platinum Member
 
Mike's Avatar
 
Join Date: Aug 2008
Location: Sarnialabad, The Newly Elected People's Republic of Canuckistan
Posts: 3,215
Default Re: Wifi security story on news

mlts22: I'm always afraid when I'm required to give my phone number to sign up for something that they'll let that slip out and I'll start getting those annoying "participate in our survey and win a chance at a cruise" phone calls. Even our Federal DNC lists can't prevent the ones using a software autodialer to randomly bug people with call and hang up phone spam. Sort of like the spam ads inserted into the data streams.

I thought about using a VPN app to log into banks and stuff, but I don't know of any free ones, and I'm frugal when it's something that I don't really think I need (famous last words, eh? I'm sure to get hacked next time out). Honestly, I don't keep anything all that personal on my main email address, and the free ones I use definitely don't get any personal info passed through them that might be financially sensitive.
In Canada, most, if not all of our banks (the ones I deal with for sure) have online banking usage agreements that cover situations similar to lost or stolen credit card fraud. As long as you take reasonable precautions to protect your login info and the device itself, and keep your access devices up to date with typical software and security applications (firewall/antivirus/anti-malware), they will assume the liability where fraud or losses occur as long as you report any problems or suspicious activity to them asap. So, as long as you're as careful as you can be, they'll cover any losses if someone manages to somehow take advantage of you. It's not a perfect anti-fraud insurance policy, but it's better than "sorry, you're on your own".

Davydd: Starbucks has always been the place where I expect to get hacked, but so far, it hasn't happened. Doesn't mean it won't, and there have been a few times I've glanced around and seen a few other people doing the same, and decided to delay accessing sensitive data until there were fewer active laptops in the seating area, but like I suggested, most laptops can grab airborne data from a fair distance via their own built in wifi network adapters, so if they really want to get your data, they will. I think the "black box" in the news segment was a prop, and didn't really do anything except scare people into thinking more about data security. It might actually give some folks a false sense of security, if they enter a Starbucks and don't see anyone with a "magic kleenex box" plugged into their laptop. The NSA doesn't need black boxes to steal your info, do they? They just ask the IRS, or Google, or Yahoo for it, and that's that.
If I could give public wifi users one piece of advice, it would be to always use HTTPS for logging into any sensitive data website. And, if you aren't sure about how to do it, don't guess. Wait, be patient, and ask someone you trust how to do it properly. It looks simple, but not to everyone, as you suggest.
__________________
It's not a sprint(er) (unless you make it one), it's (hopefully) a marathon.
RV - 2018 Navion 24V + 2016 Wrangler JKU
Mike is offline   Reply With Quote
Old 11-22-2013, 06:42 AM   #14
Platinum Member
 
Join Date: Aug 2010
Location: Minnesota
Posts: 7,765
Default Re: Wifi security story on news

As long as this is back up, I can give a bit of update. I contacted the reporter of the story with the questions that came up here and on the Yahoo board. In particular, there were several, very vehement, folks on the Yahoo board who said that it was a typical "man in the middle" hack, which the story specifically said it wasn't. The folks also said that there would be an indication on your computer to indicate that thinks weren't right, such as the missing http(s), the lock icon, or the name of the company you were connecting too. The reporter said he also got a lot of blowback from the IT folks at the companies that didn't pass the test. He then put them in contact with his expert to go over the test, and most of them went back to their companies to change the policies and computer code so it couldn't happen in the future (his explanation).

The answer I got from the reporter, who had passed them on to the expert in the story, was that it was not a normal intercept, redirect type man in the middle, but had to do with encryption stripping (I am not up on this stuff). It can only happen if the destination accepts the request with the encryption stripped, which is what the story addressed, as something like 3/4 of the sites accepted the stripped request.

I very specifically asked if you would get any indication on your computer that you were being hacked, and the reporter passed that question to the expert who claimed the only indication would be found in a forensic investigation after the fact, as there would be no indication in anything you would see on your computer at the time.

All true or not, I don't know, but the reporter was very responsive and dug into all the questions I asked, and took the time to research further and reply.
booster is online now   Reply With Quote
Old 11-22-2013, 01:48 PM   #15
Platinum Member
 
Mike's Avatar
 
Join Date: Aug 2008
Location: Sarnialabad, The Newly Elected People's Republic of Canuckistan
Posts: 3,215
Default Re: Wifi security story on news

Quote:
Originally Posted by booster
As long as this is back up, I can give a bit of update. I contacted the reporter of the story with the questions that came up here and on the Yahoo board. In particular, there were several, very vehement, folks on the Yahoo board who said that it was a typical "man in the middle" hack, which the story specifically said it wasn't. The folks also said that there would be an indication on your computer to indicate that thinks weren't right, such as the missing http(s), the lock icon, or the name of the company you were connecting too. The reporter said he also got a lot of blowback from the IT folks at the companies that didn't pass the test. He then put them in contact with his expert to go over the test, and most of them went back to their companies to change the policies and computer code so it couldn't happen in the future (his explanation).

The answer I got from the reporter, who had passed them on to the expert in the story, was that it was not a normal intercept, redirect type man in the middle, but had to do with encryption stripping (I am not up on this stuff). It can only happen if the destination accepts the request with the encryption stripped, which is what the story addressed, as something like 3/4 of the sites accepted the stripped request.

I very specifically asked if you would get any indication on your computer that you were being hacked, and the reporter passed that question to the expert who claimed the only indication would be found in a forensic investigation after the fact, as there would be no indication in anything you would see on your computer at the time.

All true or not, I don't know, but the reporter was very responsive and dug into all the questions I asked, and took the time to research further and reply.
Hmmmmm, sounds like more questions/answers are needed.
1) What level of expertise is required to carry out this type of hack? Known as encryption or SSL stripping?
2) What was the function/purpose of the "black box" that was used in the demo?
3) If it wasn't a "prop" for dramatic effect, where would someone get one and at what price?
4) Typically, would an individual user at an internet cafe be a prime target of one of these types of hacks? Or is it designed to go after "bigger fish" like the FI's mentioned in the article? Might be worth sending questions to those who failed the test, like Facebook, Amazon, Twitter, Yahoo, Ebay and MNSure? I'm not sure these sites haven't all been the subjects of security breaches in the past, so not much new here really. I'm pretty sure I don't ever assume that my info is secure with any of them. Including those who passed the test.
5) Who were the financial institutions contacted? Would like to hear their sides of the story.
6) What would be the end result of a successful hack of this type? Have there been any documented examples of them, and what were the types of assets stolen or manipulated by them?
7) Finally, I'm always a bit more skeptical when someone who owns a company that makes money by doing forensic investigations, suggests that you would only know you were hacked by a forensic investigation. I googled Mark Lanterman and there are more than a few hits in the internet, many posted in legalese regarding his company's (CFS) involvement in various computer forensic investigations. I don't speak legalese, but some of the actions in the documents sound like disputes over excessive fees being charged for services rendered. I may be misunderstanding the tone and substance of the articles and documents. I'm not a lawyer.

I googled "encryption stripping" and found an/some interesting article(s) which seems to indicate that this isn't something new, that it was discussed at the Black Hat conference in DC in 2009, and that there are many other security exposures out there for those who have the skills to exploit them.
http://www.itpro.co.uk/609932/website-d ... encryption
Click on the Moxie interview link. The interview must have been done in an oil drum because the sound quality is poor, but what I could hear was interesting. I also saw some hacks for VPN on the sidebar of the same youtube video page, so they may not be secure either.

The bottom line (as in the previous "animated" discussions with the Yahoo Group's experts a while back) is that we agreed to disagree on the subject of public wifi access and data security, and there will always be someone who can bypass the best security available. Caveat emptor when you use any type of online web access to your sensitive data and information. At home, or on the road.
__________________
It's not a sprint(er) (unless you make it one), it's (hopefully) a marathon.
RV - 2018 Navion 24V + 2016 Wrangler JKU
Mike is offline   Reply With Quote
Old 11-22-2013, 03:17 PM   #16
Platinum Member
 
Davydd's Avatar
 
Join Date: Aug 2007
Location: Minnesota
Posts: 4,559
Default Re: Wifi security story on news

Don't you all wish you had a brother-in-law who worked for the NSA to get the real scoop?
__________________
Davydd
2015 Advanced RV Ocean One Mercedes Benz Sprinter
Previous Class Bs:
2011 Great West Van Legend Sprinter
2005 Pleasure-way Plateau TS Sprinter
Davydd is offline   Reply With Quote
Old 11-22-2013, 03:36 PM   #17
Platinum Member
 
Mike's Avatar
 
Join Date: Aug 2008
Location: Sarnialabad, The Newly Elected People's Republic of Canuckistan
Posts: 3,215
Default Re: Wifi security story on news

Or a friend who was a true hacker guru for the same reasons?
Oh, hang on, they all work for he NSA, don't they?
__________________
It's not a sprint(er) (unless you make it one), it's (hopefully) a marathon.
RV - 2018 Navion 24V + 2016 Wrangler JKU
Mike is offline   Reply With Quote
Old 11-22-2013, 03:44 PM   #18
Platinum Member
 
Join Date: Aug 2010
Location: Minnesota
Posts: 7,765
Default Re: Wifi security story on news

Quote:
Originally Posted by Mike
Quote:
Originally Posted by booster
As long as this is back up, I can give a bit of update. I contacted the reporter of the story with the questions that came up here and on the Yahoo board. In particular, there were several, very vehement, folks on the Yahoo board who said that it was a typical "man in the middle" hack, which the story specifically said it wasn't. The folks also said that there would be an indication on your computer to indicate that thinks weren't right, such as the missing http(s), the lock icon, or the name of the company you were connecting too. The reporter said he also got a lot of blowback from the IT folks at the companies that didn't pass the test. He then put them in contact with his expert to go over the test, and most of them went back to their companies to change the policies and computer code so it couldn't happen in the future (his explanation).

The answer I got from the reporter, who had passed them on to the expert in the story, was that it was not a normal intercept, redirect type man in the middle, but had to do with encryption stripping (I am not up on this stuff). It can only happen if the destination accepts the request with the encryption stripped, which is what the story addressed, as something like 3/4 of the sites accepted the stripped request.

I very specifically asked if you would get any indication on your computer that you were being hacked, and the reporter passed that question to the expert who claimed the only indication would be found in a forensic investigation after the fact, as there would be no indication in anything you would see on your computer at the time.

All true or not, I don't know, but the reporter was very responsive and dug into all the questions I asked, and took the time to research further and reply.
Hmmmmm, sounds like more questions/answers are needed.
1) What level of expertise is required to carry out this type of hack? Known as encryption or SSL stripping?
2) What was the function/purpose of the "black box" that was used in the demo?
3) If it wasn't a "prop" for dramatic effect, where would someone get one and at what price?
4) Typically, would an individual user at an internet cafe be a prime target of one of these types of hacks? Or is it designed to go after "bigger fish" like the FI's mentioned in the article? Might be worth sending questions to those who failed the test, like Facebook, Amazon, Twitter, Yahoo, Ebay and MNSure? I'm not sure these sites haven't all been the subjects of security breaches in the past, so not much new here really. I'm pretty sure I don't ever assume that my info is secure with any of them. Including those who passed the test.
5) Who were the financial institutions contacted? Would like to hear their sides of the story.
6) What would be the end result of a successful hack of this type? Have there been any documented examples of them, and what were the types of assets stolen or manipulated by them?
7) Finally, I'm always a bit more skeptical when someone who owns a company that makes money by doing forensic investigations, suggests that you would only know you were hacked by a forensic investigation. I googled Mark Lanterman and there are more than a few hits in the internet, many posted in legalese regarding his company's (CFS) involvement in various computer forensic investigations. I don't speak legalese, but some of the actions in the documents sound like disputes over excessive fees being charged for services rendered. I may be misunderstanding the tone and substance of the articles and documents.

I googled "encryption stripping" and found an/some interesting article(s) which seems to indicate that this isn't something new, that it was discussed at the Black Hat conference in DC in 2009, and that there are many other security exposures out there for those who have the skills to exploit them.
http://www.itpro.co.uk/609932/website-d ... encryption
Click on the Moxie interview link. The interview must have been done in an oil drum because the sound quality is poor, but what I could hear was interesting. I also saw some hacks for VPN on the sidebar of the same youtube video page, so they may not be secure either.

The bottom line (as in the previous "animated" discussions with the Yahoo Group's experts a while back) is that we agreed to disagree on the subject of public wifi access and data security, and there will always be someone who can bypass the best security available. Caveat emptor when you use any type of online web access to your sensitive data and information. At home, or on the road.
I wish someone with more knowledge than I have would contact either the reporter, the expert, or the companies that failed, or passed the test. They are all listed in the 3(?) videos, as well as showing the devices briefly, and describing what they do.

At this point, I don't think anyone really knows what is going on. Sensationalization, or valid, solvable problem?

Personally, I think too many folks just write off things like this with the "nothing is completely secure" mantra, without looking at them closely to find out if there is an issue, or not. On the Yahoo Board, there was one comment that said something like "are you going to stop driving because you might have an accident?". Nope, I am not, but if someone tells me there is a defect in my vehicle that will make it explode, I will certainly check it out.
booster is online now   Reply With Quote
Old 11-22-2013, 04:39 PM   #19
Platinum Member
 
Mike's Avatar
 
Join Date: Aug 2008
Location: Sarnialabad, The Newly Elected People's Republic of Canuckistan
Posts: 3,215
Default Re: Wifi security story on news

Quote:
Originally Posted by booster
I wish someone with more knowledge than I have would contact either the reporter, the expert, or the companies that failed, or passed the test. They are all listed in the 3(?) videos, as well as showing the devices briefly, and describing what they do.

At this point, I don't think anyone really knows what is going on. Sensationalization, or valid, solvable problem?

Personally, I think too many folks just write off things like this with the "nothing is completely secure" mantra, without looking at them closely to find out if there is an issue, or not. On the Yahoo Board, there was one comment that said something like "are you going to stop driving because you might have an accident?". Nope, I am not, but if someone tells me there is a defect in my vehicle that will make it explode, I will certainly check it out.
I think (IMO) in this case, the expert suggested that the defect "may" make it explode, not "will" make it explode to use your analogy.

To continue using the exploding car defect analogy, how will you check out the defect that may/will make it explode, without any knowledge or understanding about the workings of the part of the vehicle that is compromised? You would have to rely on the expertise of others, as in this situation, so either way, you're at the mercy of the so called "experts", and in this case there isn't even enough overt information being provided about the actual workings of the defect, and how likely it is to actually cause the explosion, to make even an uninformed judgement other than the usual, "there is no data security system in existence that can't be breached by someone, if they really want to, and have the skills and tools at their disposal to do it". And the expert in this case simply suggested that if you thought or knew your data had been compromised, he could tell you exactly how your stuff had fallen into the wrong hands, for a fee, because that's what he does for a living. Honestly, the KSAT news segment reminded me of a PCMatic or MyCleanPC ad on the TV, so I was initially skeptical. All of his expertise would only be useful after the fact, which doesn't help you prevent the problem from happening in the first place. Perhaps if the background information was all true, and they contacted the financial institutions as they said they did, and those businesses fixed the "problems" at their ends (which they denied existed), we all may be a little bit safer. But that's all based on hearsay, too.
Your personal data is probably the most likely point of attack on a public wifi connection, because most financial institutions (banks, trust companies, credit unions) have extremely tight security systems which are designed to protect the data and the money of their clients, as well as their reputation as a safe place to do business. I would be more concerned about having my personal data (aka my identity data) compromised at one of the social media websites they mentioned, than at a bonafide mainstream bank, for that reason alone. Identity theft happens all the time, and I doubt that it's even as complex to do as the KSAT news segment depicted. Some social websites ask for your email password and promise not to reveal it, but there's no guarantee, and that's all you need to create a problem for the users.
So, I'm not sure what else to suggest, except that there are people out there who will try to look at your stuff without your permission or knowledge, and that there isn't much you can do about it except try to follow some basic guidelines on personal data security. Like use a VPN if possible, and always make sure to use HTTPS, and read and understand any discrepancy or error messages you get about expired or invalid site certificates, while online at a public wifi location, so that you don't just assume that you're safe. If you follow good basic public wifi security practices you're less likely to have problems. If you're not sure, like I said, don't guess. Even if you are sure, bad stuff happens all the time. Maybe there are just situations where you shouldn't drive the car, when the road and weather conditions are such that you might have a greater risk of having an accident? If you get a feeling that a particular internet cafe or wifi hotspot isn't safe, maybe it's best to avoid it.
__________________
It's not a sprint(er) (unless you make it one), it's (hopefully) a marathon.
RV - 2018 Navion 24V + 2016 Wrangler JKU
Mike is offline   Reply With Quote
Old 11-22-2013, 05:07 PM   #20
Platinum Member
 
Join Date: Aug 2010
Location: Minnesota
Posts: 7,765
Default Re: Wifi security story on news

My point with that example is that if there was a potential risk (explosion) said to exist, I would check it out. I have the capability, training, and experience to do that kind of research and evaluation for things of that nature. I would not just say "it is probably bogus" based only on what I perceived to be suggested problem, or the fact I knew of a similar issue in the past, or that anything might blow up sometime for some reason so don't worry about it. I don't have that type of knowledge, and no desire or time to spend researching it and learning it, for computer security issues.

My other point is that none of the folks telling the less informed amongst us (that would be me and many others) have contacted the folks that put the story out there, but they are saying it is unquestionably false. IF (big if) you can believe the reporter, he said he was contacted by quite a few IT people from the companies that failed the test, and he put them in touch with his expert. The reporter claims that once it was explained to the IT guys what the test was, they realized their was a problem and went back to their companies to fix it. True? Maybe? Worth checking out? Maybe?
__________________

booster is online now   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


» Featured Campgrounds

Reviews provided by

Powered by vBadvanced CMPS v3.2.3

All times are GMT. The time now is 08:29 PM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2019, vBulletin Solutions, Inc.
×