Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×
Wireless Networking Security Technology

Using Airport and Hotel Wi-Fi Is Much Safer Than It Used To Be (wired.com) 60

Posted by msmash from the for-what-it-is-worth dept.
As you travel this holiday season, bouncing from airport to airplane to hotel, you'll likely find yourself facing a familiar quandary: Do I really trust this random public Wi-Fi network? As recently as a couple of years ago, the answer was almost certainly a resounding no. But in the year of our lord 2018? Friend, go for it. Wired: This advice comes with plenty of qualifiers. If you're planning to commit crimes online at the Holiday Inn Express, or to visit websites that you'd rather people not know you frequented, you need to take precautionary steps that we'll get to in a minute. Likewise, if you're a high-value target of a sophisticated nation state, stay off of public Wi-Fi at all costs. But for the rest of us? You're probably OK. That's not because hotel and airport Wi-Fi networks have necessarily gotten that much more secure. The web itself has.

"A lot of the former risks, the reasons we used to warn people, those things are gone now," says Chet Wisniewski, principle researcher at security firm Sophos. "It used to be because almost nothing on the internet was encrypted. You could sit there and sniff everything. Or someone could set up a rogue access point and pretend to be Hilton, and then you would connect to them instead of the hotel." In those Wild West days, in other words, signing onto a shared Wi-Fi network exposed you to myriad attacks, from hackers tracking your every move online, to so-called man-in-the-middle efforts that tricked you into entering your passwords, credit card information, or more on phony websites. A cheap, easy to use device called a Wi-Fi Pineapple makes those attacks simple to pull off. All of that's still technically possible. But a critical internet evolution has made those efforts much less effective: the advent of HTTPS.
This discussion has been archived. No new comments can be posted.

Using Airport and Hotel Wi-Fi Is Much Safer Than It Used To Be More

Using Airport and Hotel Wi-Fi Is Much Safer Than It Used To Be

Comments Filter:

  • I recommend the Chinese wifi (Score:3)

    by WillAffleckUW ( 858324 ) on Tuesday November 20, 2018 @04:46PM (#57676206) Homepage Journal

    It comes with laptop maintenance, even if you don't ask for it.

  • How should I connect to motherless for my daily dose of bestiality?
  • Awesome. Wired is a blank screen when I click on it.

  • Still don't trust it (Score:3)

    by jittles ( 1613415 ) on Tuesday November 20, 2018 @05:15PM (#57676324)
    Still don't trust public WiFi no matter how good the security of websites have become. And why should I trust it? There's no reason to. I can either tether to my phone or use the hotel WiFi. Cost to me is about the same. I'll use my phone unless I am in a foreign country and the WiFi is faster than my cellular data. But no matter where I am I always VPN to a "secure network" and use remote desktop to surf the web on a machine on that "trusted network." There's no need to trust someone else's network. Though once it leaves my LAN it ends up in an untrusted network regardless.

    • Re: (Score:2)

      by Darkk ( 1296127 )

      Using your own personal VPN connected to your home network or rather "secure network" is a good idea. Why bother with remote desktop to another computer connected via VPN when you can set your VPN client to route ALL traffic to the VPN server?

      • Using your own personal VPN connected to your home network or rather "secure network" is a good idea. Why bother with remote desktop to another computer connected via VPN when you can set your VPN client to route ALL traffic to the VPN server?

        For a variety of reasons. My bank account websites do not allow me to connect with a new web browser without authenticating it. It also keeps the website history and other information off of the laptop in case it gets lost or stolen (assuming they can bypass disk encryption). Sometimes I just bring an iPad and this lets me use the desktop at home as a full fledged computer for the times when a mobile browser is not ideal. It really just depends on what I am doing and what I have with me.

    • Re: (Score:2)

      by brunes69 ( 86786 )

      What you say is true when in-country, but not when travelling. International data at LTE speeds is still expensive.

  • People who care switch on their VPN if it's isn't already on by default and the other get spied on by even more people than usual.

    A VPN costs about 5$month for usually 5 machines concurrently (PCs, cellphones, tablets...)

    • The only problem with that is all those apps such as facebook, email, etc have already connected so they have sent your info, before you can get the VPN implemented.
      THe device connecting to the wifi would need to block all other traffic until the VPN is connected and there are very few things that do that.
  • It is very easy to set up a hotspot with a convincing name, that people will connect to. Do anything unencrypted in such a connection at your own peril.
  • American and British Spy Agencies Targeted in-flight Mobile Phone Use (Dec 7 2016) https://theintercept.com/2016/... [theintercept.com] .
    Southwinds, Thieving Magpie and Homing Pigeon
    Canada had the wifi part covered.

  • If I use a public WiFi, the very first thing I do is start a VPN connection up. ( My own server at home )

    If the WiFi disallows it, I disconnect.

    Easy.

    • If the WiFi disallows it, I disconnect.

      You may want to try iodine (tunnelling over DNS). Handles bogus WiFi pretty well.

      • Last time I was at a conference center, the DNS request is what blocked your address and forced you to go off to the captive portal. Those of us who had IPs memorized (or a hosts file entry) could connect and SSH/VPN in direct, and once connected get DNS over the VPN/SSH tunnel.

        This of course made the PHBs jealous in the planning meetings (we were setting up to host a large educational conference) so this lowly geek who was wondering why he was even being sent to these meetings suggested "hey, we're about

  • Of course in my case it's because I tether via phone instead of using airport or hotel WiFi.

  • So HTTPS is a new thing now?

    Seriously, 2000, you can stop now.

  • No it hasn't, if your “computer” can still be compromised by opening an email or clicking on a weblink.

  • That is, given appropriate safety measures, like using secure shell or a VPN tunnel. You cannot and never could trust the network.

  • This is how security SHOULD be implemented (Score:3)

    by Tony Isaac ( 1301187 ) on Tuesday November 20, 2018 @10:08PM (#57677718) Homepage

    Done correctly, it should not be necessary to trust intermediate third parties, in order to have a secure connection. Who knows who is carrying your packets between here and Romania! Who even knows if your packets are going through Romania, on their way to Texas! This is the nature of the internet.

    Make it possible to establish a secure connection between two parties, and it doesn't matter whether you are using Joe Shmo's cell phone hotspot with an SSID of Denver International WiFi.

  • A lot of corporate laptops leak information when connected to other networks, they try to connect to various internal resources and in doing so disclose either the ip addresses or the dns names.

  • I think the report misses the point. It's a bit like saying because more people are getting the flu shot these days, we don't need to wash our hands as much. The opportunity for attack over a public network has only increased. Sure HTTPS has reduced a subset, but it is far from an absolute cure-all. The folks most likely to trust a public access point are also the people most likely to ignore a certificate error for example. WPA2-PSK was designed to be used in a trusted environment (i.e. a home network). It

Slashdot Top Deals

"Free markets select for winning solutions." -- Eric S. Raymond

Close