SailNet Community

SailNet Community (http://www.sailnet.com/forums/)
-   General Discussion (sailing related) (http://www.sailnet.com/forums/general-discussion-sailing-related/)
-   -   Security while using WiFi while cruising (http://www.sailnet.com/forums/general-discussion-sailing-related/84003-security-while-using-wifi-while-cruising.html)

way-happy 02-17-2012 10:24 AM

Security while using WiFi while cruising
 
One of my friends recently got his gmail and facebook accounts hacked. The hacker changed his passwords and security questions, etc.. and now he can no longer access his accounts. For him this particularly hurts because he runs his small business through his gmail and facebook accounts. I mean to say that all of his contacts, documents, and calendar of job appointments are all gone to him.

He's utterly devastated, and gmail and facebook can't/won't confirm that he actually was the proper owner of the accounts and will not help him.

The most likely scenario that we've come up with is that his account information was sniffed when he (often) used open unsecured public wifi, like in a cafe or airport, etc.

Got me thinking about all the times that I've used unsecured open wifi in lord-knows-where on anchor. Got me to thinking about all of my cruising friends who run internet businesses and conduct their entire online lives via wifi.

So, I've enhanced the security settings on all my accounts, come up with very difficult new passwords and got some other strong security measures now, but I'm sure that there is more that could be done. I particularly like the new feature that you can enable on gmail and facebook that requires you to receive a txt message code on your phone to enable accessing your account from a new computer. I also use my work VPN whenever I have to access my bank accounts and credit cards, etc.

Anyone ever had their account information or identity stolen while cruising and using unknown wifi networks? What security measures do you all take to protect yourselves? What would you recommend to a friend who is just getting into cruising and is planning to run their lives from a computer while afloat? Maybe we can come up with a "best practices" for wifi use for cruisers or something.

rmeador 02-17-2012 10:33 AM

The #1 thing to do is ALWAYS use HTTPS/SSL/TLS (those are all names for the same thing; if the web address starts with "https" instead of "http", you're good). This encrypts all the traffic to the server, so even on an open wifi network, the best someone eavesdropping on you could tell is what site you're connecting to, not what you're sending. Many sites that default to "http" will still work fine if you change it to "https" in the address bar of your browser. Some sites, like gmail, offer a setting to force HTTPS in their settings page.

The #2 thing is link your cell phone to your account. Gmail does this, and I think facebook does too. That way, when you lose your password, you can reset it by getting a text. Gmail also offers "two step verififcation" authentication which is much more secure, and I believe this is what you alluded to before about receiving a text to authorize a new computer (this is distinct from the password recovery feature, AFAIK).

Using a VPN when on an open wifi network is also a very, very good idea.

PBzeer 02-17-2012 10:46 AM

I have to admit that I much prefer using a paid account (Verizon in my case). As a coastal cruiser, it keeps me connected where ever a cellphone can connect. Which is great for weather updates, advance info on marinas/stores and simply keeping in contact. The convenience to me, is worth the cost.

way-happy 02-17-2012 10:53 AM

Acknowledged: a cell phone 3g/4g based network card for a laptop or an iPad, etc is definitely better than using an open WiFi network. But, they are limited to 5-10 miles offshore and are only usable in the country where purchased, right?

As soon as we left Florida we couldn't use the iPad 3G any where in the Bahamas, but WiFi was available lots of places. Its a great tool for when you are in your home country, for sure, but when it is no longer available Wifi often still is the only option.

travlineasy 02-17-2012 10:55 AM

Gmail had lots of problems with hackers during the past several months, and it wasn't limited to Wi-Fi. I knows of a half dozen individuals who were hacked and ended up deleting the account because of the hacker problem.

Good luck,

Gary :cool:

kd3pc 02-17-2012 11:05 AM

me thinks you are assuming a lot thinking that by YOU using only https, you are fully protected, even the httpsEverywhere people will tell you that unless ALL points between you and the target surver are secure....things can and will go awry...pages will often appear different using https as opposed to http, as some apps do not play well in the https world. Certainly most of the payment/ordering transactions are handled via https...but that information is NOT the only information that I would want protected. Often times you have signed in and authenticated in the clear to a non https server, before being trounced to a secure server...

read up on man in the middle, spoofing, and end to end encryption....certificate fraud, mispellings on certificates, etc

it is also very important to SIGN out, just like you sign in and clear/close the screen or session...persistent cookies and sessions...

then there is the whole unsecured wifi...NEVER use a network that YOU don't know personally to transact business or personal information transactions. They are a meat market for hackers.

As touch free credit cards, credit card apps, and 100% info on your smartphone become more useful, the hackers will move there quickly, as security is no longer important to the seller....it SHOULD be for the user, but most users don't know the first thing about securing their device, let alone the myriad apps that pump their information to an increasingly insecure infrastructure.

The only valid assumption is that all public/free wifi networks are not protected in any way at all, or worse, are a collection point for YOUR information. Use at your own risk, no one is protecting your data, ever....worse outside the states...as the rules and requirements are either non-existent or different than those of the US

YMMV

rmeador 02-17-2012 11:22 AM

HTTPS guarantees an end-to-end encrypted connection (if some server in the middle is decrypting it, you will get a certificate error). You should not proceed if you get a certificate error, of course. Yes, there is a problem with forged certificates, but that is exceedingly rare, and it does not at all relate to open wifi network usage. Your data would be just as compromised in that case if you were on encrypted wifi or hardwired ethernet.

You are correct that many web sites will start out as HTTP and then only redirect you to HTTPS when you go to pay -- this is a problem, and many website operators have recognized this and now offer their entire site on HTTPS (you just have to edit it in the address bar). They may offer their entire site through HTTPS without even realizing they're doing so. But do beware of sites that will redirect you from HTTPS to HTTP after you log in, or ones that mix HTTP and HTTPS content on a single page (most browsers will pop up a message in this case saying "some items on this page are not secure").

sawingknots 02-17-2012 11:24 AM

i'm older and decidedly stupid pertaining to computors and the internet i just resently had my credit card compromised luckily the card company noticed that the trasactions were strange and notified me and declinded the charges,actually i use my c.card very little,i don't know if my pc was hacked or if the culprit was some business employee that had access to my info,i'm always hesitant about buying stuff online using my c.card

kd3pc 02-17-2012 11:30 AM

Quote:

Originally Posted by rmeador (Post 832683)
But do beware of sites that will redirect you from HTTPS to HTTP after you log in, or ones that mix HTTP and HTTPS content on a single page (most browsers will pop up a message in this case saying "some items on this page are not secure").

as well as sites that use a lot of images...few, if any are secure...ala wikipeadia uses a decent https setup, but the minute you pull an image in, it is an http connection...

images are very tough to guarantee secure....

good points to add, thanks

PBzeer 02-17-2012 11:35 AM

As to e-mail and any info I want to maintain on the net, I reserve my website hosted e-mail for "valued" contacts, and yahoo for all else. And while I could store info on the website, I prefer keeping it on an external hard drive.

You can access Verizon in the Bahamas, but you need to set it up before going. Countries Where Any Verizon Wireless Phone Will Work


All times are GMT -4. The time now is 09:57 PM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO 3.6.1
(c) Marine.com LLC 2000-2012