Security while using WiFi while cruising - Page 2 - SailNet Community

   Search Sailnet:

 forums  store  


Quick Menu
Forums           
Articles          
Galleries        
Boat Reviews  
Classifieds     
Search SailNet 
Boat Search (new)

Shop the
SailNet Store
Anchor Locker
Boatbuilding & Repair
Charts
Clothing
Electrical
Electronics
Engine
Hatches and Portlights
Interior And Galley
Maintenance
Marine Electronics
Navigation
Other Items
Plumbing and Pumps
Rigging
Safety
Sailing Hardware
Trailer & Watersports
Clearance Items

Advertise Here






Go Back   SailNet Community > General Interest > General Discussion (sailing related)
 Not a Member? 


Like Tree9Likes
Reply
 
LinkBack Thread Tools
  #11  
Old 02-17-2012
Senior Member
 
Join Date: Jan 2009
Location: Deer Harbor, Washington
Posts: 215
Thanks: 0
Thanked 9 Times in 9 Posts
Rep Power: 6
mitchbrown is on a distinguished road
SawingKnots

one good way to go for credit cards online is to get a paypal account. You give them your credit card info and from then on they make the payments and then they bill your credit card. this way your credit card is never transmited anywhere.

Mitch
sawingknots likes this.
Reply With Quote Quick reply to this message Share with Facebook
  #12  
Old 02-17-2012
PBzeer's Avatar
Wandering Aimlessly
 
Join Date: Nov 2002
Location: Cruising
Posts: 20,258
Thanks: 0
Thanked 86 Times in 83 Posts
Rep Power: 14
PBzeer has a spectacular aura about PBzeer has a spectacular aura about PBzeer has a spectacular aura about
Paypal isn't perfect either. Had my account there hacked by someone who took my card number off a POS, probably at a restaurant or other venue where they take your card out of sight.
sawingknots likes this.
__________________
John
Ontario 32 - Aria

Free, is the heart, that lives not, in fear.
Full, is the spirit, that thinks not, of falling.
True, is the soul, that hesitates not, to give.
Alive, is the one, that believes, in love.
JCP


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
- Website & Blog

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Reply With Quote Quick reply to this message Share with Facebook
  #13  
Old 02-17-2012
Sailboat Reboot
 
Join Date: Jun 2000
Location: On Board
Posts: 470
Thanks: 2
Thanked 26 Times in 24 Posts
Rep Power: 15
svzephyr44 is on a distinguished road
Send a message via Skype™ to svzephyr44
WiFi sniffing is one of the least productive methods for hackers to compromise your account. First, they have to be almost in the same room (WiFi doesn't travel that far,) have some software that would seem curious in an internet cafe, and be able to spend quite a bit of time hanging out waiting for the person logging into their bank account or business account.

Far more productive is to sit on the wired side of the connection (i.e. the connection from the cafe to the rest of the internet.) Using the same tools that are used to debug Ethernet connections they can read 100% of the traffic. Now it is true that on an HTTPS connection that traffic is encrypted but not all people on the link nor all interactions will be via HTTPS.

My personal view is that most of these hijacks are inside jobs. Like running illegal drugs the potential payoff for a programmer at Google for downloading a few thousand account names and passwords could be pretty big. Consider that Bradley Manning (assuming he did it) got access to and downloaded thousands of secret communications simply because he was "upset."
Reply With Quote Quick reply to this message Share with Facebook
  #14  
Old 02-17-2012
Senior Member
 
Join Date: Feb 2010
Location: Narragansett Bay
Posts: 9,098
Thanks: 10
Thanked 142 Times in 128 Posts
Rep Power: 6
Minnewaska will become famous soon enough Minnewaska will become famous soon enough
Encryption is good, but far from bulletproof. Bad guys know that banks have poured on serious measures to prevent hacking their systems. They are going after the consumer instead, by placing a keystroke logger virus on your personal computer. It doesn't matter if the connection is secure. Theyare typically embedded into social media sites that you signed onto. Maybe even this one. Once unknowingly installed, they simply capture every button you press until they see you type a password. Off goes the info to the bad guy and youre toast. They've become very sneaky and write the programs to morph multiple times, even within the same day, so that anti virus programs can't keep up with file names, etc.

There are financial institutions that are trying to help, but it's the consumers problem.
__________________

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

Jeanneau 54DS

In the harsh marine environment, something is always in need of repair. Margaritas fix everything.
Reply With Quote Quick reply to this message Share with Facebook
  #15  
Old 02-17-2012
Senior Member
 
Join Date: Jan 2009
Location: Deer Harbor, Washington
Posts: 215
Thanks: 0
Thanked 9 Times in 9 Posts
Rep Power: 6
mitchbrown is on a distinguished road
Quote:
Originally Posted by PBzeer View Post
Paypal isn't perfect either. Had my account there hacked by someone who took my card number off a POS, probably at a restaurant or other venue where they take your card out of sight.
PB

Can you elaborate on how this could happen? As far as i know you use you email address and password to access or pay with PayPal. Not sure how someone with your credit card info could do anything thru PayPal.

Mitch
Reply With Quote Quick reply to this message Share with Facebook
  #16  
Old 02-17-2012
Senior Member
 
Join Date: Feb 2008
Location: N. VA
Posts: 656
Thanks: 0
Thanked 1 Time in 1 Post
Rep Power: 7
dacap06 is on a distinguished road
Send a message via Yahoo to dacap06
Take it from an old computer engineer -- rmeader hit the nail on the head. SSL/TLS or IPSEC is the best bet, and the only way to get it consistently is to use a VPN service. You don't control whether the web server provides HTTPS or not, and not all do. Similarly, in public hot spots the wireless connections are open to everyone and everyone can see everyone else's data (with the right collection tools). The VPN enrypts all your data in transit to its VPN server, which relays it out to the Internet backbone where tampering and monitoring are highly unlikely. There is a slight performance penalty, but if you can live with the performance penalty of HTTPS links then you can live with the performance penalty of a VPN since they are about the same. Besides, it is a small price to pay to guard against identity theft.

Using a VPN service means you go over every local connection using a secure tunnel, even the open ones like at marinas, Starbucks, and Panera Bread. Anyone monitoring your data stream, be it with Wireshark or some other packet sniffing tool, will see your VPN server as its destination for all packets and will just see encrypted data (which looks like nonsense). The destination then sends its responses to your VPN service, which in turn relays it to you via the encrypted link, aka the VPN.

There are plenty of decent VPN services and they are not terribly expensive. Read this article at Lifehacker.com to find out about a few. You can Google for more articles too, if you like. I don't advocate for any one over the others. Do your homework and decide which is best for you.

One thing I will recommend, though, is choosing the OpenVPN client. You run it on your computer to connect to the VPN server. It is free, fast, and efficient open source software that is very high quality and is available for multiple operating systems including multiple Windows flavors, Linux, and OS X. If you are running iOS or Android you'll have to choose something else.

Is a VPN bulletproof? Well, no -- nothing is. But breaking it is very, very difficult. It is far more secure than your Windows computer! The most common methods to get at data over a VPN are to implant keystroke loggers or spyware on your Windows system using social engineering. What you want to do is keep your system free of infection and use a VPN. You become such a difficult target that hackers will look elsewhere for lower hanging fruit.


Tom
__________________
T. P. Donnelly
S/V Tranquility Base
1984 Islander 30 Bahama
Pasadena, MD

Last edited by dacap06; 02-17-2012 at 11:30 AM.
Reply With Quote Quick reply to this message Share with Facebook
  #17  
Old 02-17-2012
PBzeer's Avatar
Wandering Aimlessly
 
Join Date: Nov 2002
Location: Cruising
Posts: 20,258
Thanks: 0
Thanked 86 Times in 83 Posts
Rep Power: 14
PBzeer has a spectacular aura about PBzeer has a spectacular aura about PBzeer has a spectacular aura about
Mitch - I'm not sure how it happened. I hadn't used my card online for at least 6 months (or paypal) and there was no evidence of my e-mail being hacked. It was, and remains a mystery to me how it happened.
__________________
John
Ontario 32 - Aria

Free, is the heart, that lives not, in fear.
Full, is the spirit, that thinks not, of falling.
True, is the soul, that hesitates not, to give.
Alive, is the one, that believes, in love.
JCP


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
- Website & Blog

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Reply With Quote Quick reply to this message Share with Facebook
  #18  
Old 02-17-2012
kd3pc's Avatar
Senior Member
 
Join Date: Oct 2006
Location: Callao, VA
Posts: 1,346
Thanks: 0
Thanked 9 Times in 9 Posts
Rep Power: 9
kd3pc is on a distinguished road
Quote:
Originally Posted by svzephyr44 View Post
WiFi sniffing is one of the least productive methods for hackers to compromise your account. First, they have to be almost in the same room (WiFi doesn't travel that far,) have some software that would seem curious in an internet cafe, and be able to spend quite a bit of time hanging out waiting for the person logging into their bank account or business account.
again, guys do your homework...the wifi at my marina could be picked up by MY boat with an Ubiquity system, over a mile away.

While not as quick, it can be, and is for some VERY lucrative. No ONE has ever asked to see what software I am running, and I would never tell someone what I am doing, IF asked...it is none of their business what I am doing at the Cafe. It is quite normal for some folks to be there all day, several days a week. See Social Engineering below. All part of the process. I am not really after your bank account right there, I am more interested in your passwords, logins and sites....that is where the real in roads can be made. Then compromise your machine, then the bank and such.

the software to sniff, is little more than an app that runs in the background on my machine...ethical hacker that I am...two other programs and I can sniff almost any wireless. Add in a password cracker, some generic keys to "standard" encryptions...and voila

The hacker, a good one, can learn more by "social engineering"...my favorite line is "excuse me, I left the password to the net, back in my room, do you have it, or should I just go to the checkin desk"...has yet to fail. Even more convincing, is to have them "enter" it on my computer....they think that they have kept things secure, because they did not know that my key logger was working....

In a job for a very large insurance company in IL...I was able to get past security at the entrance, on to a swipe access elevator, to the third floor "training room" (it was actually on the second floor, but security either did not care or did not know), and in to my room with NO credentials, no drivers license or corporate ID required anywhere in the chain....

Believe me, when the Compliance CEO read my report and listened to my presentation...he was not at all happy.

Security is in YOUR hands, no one else is going to do it for you, or as some of you have found out.....they won't even help you with YOUR account...

YMMV
Reply With Quote Quick reply to this message Share with Facebook
  #19  
Old 02-17-2012
travlineasy's Avatar
Morgan 33 O.I. Perryville
 
Join Date: Dec 2010
Location: Maryland
Posts: 2,354
Thanks: 3
Thanked 63 Times in 53 Posts
Rep Power: 4
travlineasy will become famous soon enough
If anyone is actually foolish enough to believe their personal and account information is safe just because they use a complex password and user name consider the fact that not too many years ago the Pentagon's most secure system was hacked by a 14-year-old kid in Russia and he claimed it only took him a couple days to get into the system. I tell my adult children, particularly my daughter, to never put anything on line that you don't want the entire world to see. She put stuff on Facebook, believing that anyone without an invitation would never see it--WRONG! Now she's paying the consequences.

Good Luck,

Gary
Reply With Quote Quick reply to this message Share with Facebook
  #20  
Old 02-17-2012
PBzeer's Avatar
Wandering Aimlessly
 
Join Date: Nov 2002
Location: Cruising
Posts: 20,258
Thanks: 0
Thanked 86 Times in 83 Posts
Rep Power: 14
PBzeer has a spectacular aura about PBzeer has a spectacular aura about PBzeer has a spectacular aura about
Were I to buy something online now, I would buy a pre-paid card to use.
sawingknots likes this.
__________________
John
Ontario 32 - Aria

Free, is the heart, that lives not, in fear.
Full, is the spirit, that thinks not, of falling.
True, is the soul, that hesitates not, to give.
Alive, is the one, that believes, in love.
JCP


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
- Website & Blog

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Reply With Quote Quick reply to this message Share with Facebook
Reply

Quick Reply
Message:
Options

By choosing to post the reply above you agree to the rules you agreed to when joining Sailnet.
Click Here to view those rules.

Register Now

In order to be able to post messages on the SailNet Community forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.
Please note: After entering 3 characters a list of Usernames already in use will appear and the list will disappear once a valid Username is entered.
User Name:
Password
Please enter a password for your user account. Note that passwords are case-sensitive.
Password:
Confirm Password:
Email Address
Please enter a valid email address for yourself.
Email Address:

Log-in

Human Verification

In order to verify that you are a human and not a spam bot, please enter the answer into the following box below based on the instructions contained in the graphic.




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

 
Posting Rules
You may post new threads
You may post replies
You may post attachments
You may edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On


Similar Threads
Thread Thread Starter Forum Replies Last Post
Security While Cruising In Dangerous Places shamrock6 Cruising & Liveaboard Forum 89 03-24-2010 10:26 PM
WiFi for the Cruising Sailor sailingdog Electronics 12 07-30-2009 10:21 AM
Wifi jrd22 Gear & Maintenance 42 06-17-2009 12:51 PM
WiFi firstafair General Discussion (sailing related) 4 11-17-2007 02:34 PM
Wifi mallo Gear & Maintenance 3 03-21-2007 10:09 AM


All times are GMT -4. The time now is 04:00 AM.

Add to My Yahoo!         
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO 3.6.1
(c) Marine.com LLC 2000-2012

The SailNet.com store is owned and operated by a company independent of the SailNet.com forum. You are now leaving the SailNet forum. Click OK to continue or Cancel to return to the SailNet forum.