RebelCork Posted May 17, 2012 Share Posted May 17, 2012 I've just been reading this article ( http://www.theregister.co.uk/2012/05/09/hotel_wi_fi_malware_warning/ ), from theregister.co.uk. It seems that the IC3 is warning travellers not to upgrade their machines when on holiday over hotel networks, as if anyone here would do that !! Nice article, showing a flaw in peoples own security (people hack) Quote Link to comment Share on other sites More sharing options...
digip Posted May 17, 2012 Share Posted May 17, 2012 So long as when you go away on holiday, you always Tunnel or VPN back to a safe zone before surfing the web, you should be fine. All wifi should be treated as hostile. I've got OpenVPn setup on my tablet and laptop, so when I am using open wifi, I connect via the VPN and no one can see what I am doing. Quote Link to comment Share on other sites More sharing options...
bobbyb1980 Posted May 17, 2012 Share Posted May 17, 2012 I was reading this a few days ago... I love how the FBI issues their warnings. They said you shouldn't use wifi, but they proceeded to say that hotel wired networks are also dangerous. Well, I guess I'll just have to invent my own protocols before travelling! On a more serious note... how do you advise the average person about this? If I told my client to "verify software certificates before proceedings" they'd look at me like WTF. IMO that is not practical advice. I think the best thing to tell people would be that when they are connecting from any type of public network, wifi, wired, internet cafe, whatever, they're taking a certain risk and to protect themselves against that risk is going to require some reading and due diligence. Quote Link to comment Share on other sites More sharing options...
digip Posted May 17, 2012 Share Posted May 17, 2012 I was reading this a few days ago... I love how the FBI issues their warnings. They said you shouldn't use wifi, but they proceeded to say that hotel wired networks are also dangerous. Well, I guess I'll just have to invent my own protocols before travelling! On a more serious note... how do you advise the average person about this? If I told my client to "verify software certificates before proceedings" they'd look at me like WTF. IMO that is not practical advice. I think the best thing to tell people would be that when they are connecting from any type of public network, wifi, wired, internet cafe, whatever, they're taking a certain risk and to protect themselves against that risk is going to require some reading and due diligence. If using any network not of your own, wired or wireless, its pretty much the same thing. Wireless just more inherently open if on Open Wifi or WEP networks. Either way, if you're a business and your employees are on the road, they should always VPN in or have one setup if they are doing any connecting back to work. Goes for everyday users too, no reason not to tunnel or VPN your traffic when on the road. Won't prevent direct attacks on your machine from the local lan, but will encrypt all your traffic when speaking with the outside world. Darren and Shannon have been covering all sorts of tunnel stuff lately, so kind if fitting it goes with this thread. Good time to watch the recent episodes if you haven't seen his SSH series. Quote Link to comment Share on other sites More sharing options...
RebelCork Posted May 18, 2012 Author Share Posted May 18, 2012 The thing I especially like, is that people don't actually realise how insecure hotel systems are (speaking from experience) I worked in hotels for many a year (not in IT), and I am telling you I have seen it all. I once saw a guy bring in his own wifi router, plugging it into his hotel socket. A lot of smaller hotels, especially those trying to push conference business, use basic (cheap) equipment, and it is often not secure. Sure, some companies are savvy and provide vpn facilities, but how many people have vpn on their smartphone/tablet (besides us paranoid freaks :) ?? ) One place where I worked, catered for business travellers in particular, and the subject of internet security in relation to guests came up at a management meeting, as we have a lot of high profile business from a certain fruit company. We spent a money on a firewall for the guest side of the network. Within 1 month, we had to take it down, purely because of complaints that ports were being blocked, etc. Another place where I worked, jut used cheap ass Belkin routers everywhere to serve wifi. I wish I had the pineapple then !! Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted May 18, 2012 Share Posted May 18, 2012 (edited) I'd just use a VPN service, like Cyberghostvpn or Nvpn to tunnel all my traffic through. That way, even if someone tried sniffing my data it would be encrypted and protected. Also Darren did a lot of segments on wireless security, that it shouldn't be a problem to implement. Edited May 18, 2012 by Infiltrator Quote Link to comment Share on other sites More sharing options...
badbass Posted May 20, 2012 Share Posted May 20, 2012 One could have fun creating a rogue access point. If you have two wireless adapters. Send them where you want. The memo was sent out to a certain operating system crowd. I know any open network should be treated as unsafe. A good suggestion vpn to a safe zone. Lots of business owners in downtown Sarasota have WIFI but you have to know or ask the waitress for the pass phrase for some. That is something for another post. Even downtown Sarasota has their own public WIFI. They have a proxy and you have go their mc d's like sign in page. The proxy probably blocks everything including HAK5. Lots of businesses have wifi you just have to troll with your laptop and or phone. I use wiggle WIFI for android I have a gps to on it to map them. Any downtown city has WIFI you just have to look and be careful. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.