
quote:
I've known Darren Kitchen for years. He hosts a podcast about hacking called Hak5 and has been interviewed by ABC News, the New York Times and Wired Magazine on various hacking topics. In short, he's the real deal, and he sat down with me to answer the following questions and demo what a hacker could do if you log on to the wrong Wi-Fi.
Is it safe to bank on a public computer?
Answer: No

Public computers in libraries, schools, and hotels are completely unsafe for any sensitive web browsing. You have no idea if they are secure or if a criminal has installed a key-logger that tracks every username and password you enter.
Can you safely bank online at a Wi-Fi café on your own computer?
Answer: Probably not
Darren and I set up an experiment. With my own laptop, I logged onto the free Wi-Fi in a café while Darren sat across from me. I went to my bank site and entered my username and password. In real time, Darren intercepted the logon info. If that had been my real info he could have immediately logged onto my bank account (NOTE: I gave Darren express permission to hack my browsing — I need to say this for legal reasons. ALSO - I am a blond, but what you see in the video is not my real banking info.)
How did he hack my connection?

Darren brought his own router into the coffee shop. He can set it up to provide an open connection that is labeled "Internet" or "free Wi-Fi" or even includes the name of the café, something like "Cuppa Joe Wi-Fi."  Simply put, he pretends to be the Internet access provided by the café. The scenario: you turn on your computer and log on to what you think is the Wi-Fi provided by the business. Even more deviously, Darren can create a Wi-Fi signal called Linksys, TMobile, ATT Wireless or GogoInflight. If your computer has ever connected to those legitimate networks in the past, it will be fooled into thinking it already has permission to connect — and does so through Darren's router.


"Once you're on my router, I am the Internet. I'm the man in the middle, so I can see everything," said Darren. "I'm essentially your Internet service provider, and inherently, I can eavesdrop and even change data on the fly. And when I see you're going to a bank, I can serve up my own [site] that looks and feels in every way like the bank's site."
And that's how he got my info. I thought I was going to a legitimate bank, but really it was Darren serving up an easily faked version of the site.  It looked exactly the same as the real bank's site.
Bottom line: if you must do sensitive web browsing over a Wi-Fi network in a public place, you should be very sure you know that the Wi-Fi is actually provided by the business and being passed through their router. It should be encrypted so you need a password to log on. And finally, do you trust the business and its employees? There are enough risks that when I ask Darren if he would log on to his bank this way he says "Absolutely not."
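
The article above describes a laptop silently joining any router that broadcasts the name of an open network it has used before. The following is an added example, not part of the original post, that audits saved Wi-Fi profiles for that condition. It assumes NetworkManager keyfile-format profiles on Linux (normally stored under /etc/NetworkManager/system-connections/); the function names and the sample profiles are constructed for illustration.

```python
import configparser

# Network names the article lists as easy to impersonate (lower-cased for matching).
COMMON_SSIDS = {"linksys", "tmobile", "att wireless", "gogoinflight"}
SECURITY_SECTIONS = ("wifi-security", "802-11-wireless-security")

def inspect_profile(keyfile_text):
    """Parse one NetworkManager keyfile; return facts about it, or None if not Wi-Fi."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(keyfile_text)
    if cp.get("connection", "type", fallback="") not in ("wifi", "802-11-wireless"):
        return None
    ssid = cp.get("wifi", "ssid", fallback=cp.get("connection", "id", fallback=""))
    return {
        "ssid": ssid,
        # No security section means the profile is for an open (password-less) network.
        "open": not any(cp.has_section(s) for s in SECURITY_SECTIONS),
        # NetworkManager only writes autoconnect when it is false; the default is true.
        "autoconnect": cp.getboolean("connection", "autoconnect", fallback=True),
        "common_name": ssid.lower() in COMMON_SSIDS,
    }

def risky_profiles(keyfiles):
    """Return (ssid, common_name) for profiles that are open AND auto-joined.

    Such a profile is joined without prompting whenever any router uses that name.
    """
    out = []
    for text in keyfiles:
        info = inspect_profile(text)
        if info and info["open"] and info["autoconnect"]:
            out.append((info["ssid"], info["common_name"]))
    return sorted(out)

# Constructed sample profiles (not taken from any real machine).
SAMPLES = [
    "[connection]\nid=linksys\ntype=wifi\n\n[wifi]\nmode=infrastructure\nssid=linksys\n",
    "[connection]\nid=Cuppa Joe Wi-Fi\ntype=wifi\nautoconnect=false\n\n"
    "[wifi]\nssid=Cuppa Joe Wi-Fi\n",
    "[connection]\nid=HomeNet\ntype=wifi\n\n[wifi]\nssid=HomeNet\n\n"
    "[wifi-security]\nkey-mgmt=wpa-psk\npsk=constructed-example\n",
    "[connection]\nid=Wired\ntype=ethernet\n",
]

if __name__ == "__main__":
    for ssid, common in risky_profiles(SAMPLES):
        note = " (widely used name)" if common else ""
        print(f"open + autoconnect: {ssid}{note} -> forget it or disable auto-join")
```

Of the constructed samples, only the remembered open "linksys" profile is flagged; the café profile is open but has auto-join disabled, and the home profile requires a password.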


I use public/guest wifi all the time...don't have anything that can be compromised on my phone or iPad. I access my emails, which is mostly department stores screaming some sale or the other Big Grin, or sometimes Facebook. Never banking or any other such transactions.
FM
quote:
Originally posted by Riya:
I use public/guest wifi all the time...don't have anything that can be compromised on my phone or iPad. I access my emails, which is mostly department stores screaming some sale or the other Big Grin, or sometimes Facebook. Never banking or any other such transactions.


So if I pass by with my router I may pick some interesting email juice? Big Grin
TI
quote:
Originally posted by Mr.T:
I don't use public wifi. I use the internet connection on my phone. I connect the laptop via Bluetooth to the phone and away I go.


Our phones in the US come with a built-in data plan, but not sure if we can use Bluetooth from laptop to grab data. I think we need to buy another plan, tethering or something like that. Have to check that out.
TI
quote:
Originally posted by TI:
quote:
Originally posted by Mr.T:
I don't use public wifi. I use the internet connection on my phone. I connect the laptop via Bluetooth to the phone and away I go.


Our phones in the US come with a built-in data plan, but not sure if we can use Bluetooth from laptop to grab data. I think we need to buy another plan, tethering or something like that. Have to check that out.


I think you get robbed in the US, here tethering is free (the only thing free) if you have a data plan that is.
AJ
quote:
Originally posted by Riya:
quote:
Originally posted by TI:

So if I pass by with my router I may pick some interesting email juice? Big Grin


yeah...some may even cause you to blush Big Grin


Riya, yuh think TI is capable of blushing? Big Grin
FM
