Security while using WiFi while cruising - SailNet Community

   Search Sailnet:

 forums  store  


Quick Menu
Forums           
Articles          
Galleries        
Boat Reviews  
Classifieds     
Search SailNet 
Boat Search (new)

Shop the
SailNet Store
Anchor Locker
Boatbuilding & Repair
Charts
Clothing
Electrical
Electronics
Engine
Hatches and Portlights
Interior And Galley
Maintenance
Marine Electronics
Navigation
Other Items
Plumbing and Pumps
Rigging
Safety
Sailing Hardware
Trailer & Watersports
Clearance Items

Advertise Here






Go Back   SailNet Community > General Interest > General Discussion (sailing related)
 Not a Member? 


Like Tree9Likes
Reply
 
LinkBack Thread Tools
  #1  
Old 02-17-2012
way-happy's Avatar
was "wee happy"
 
Join Date: Oct 2011
Location: St. Augustine, FL
Posts: 29
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0
way-happy is on a distinguished road
Security while using WiFi while cruising

One of my friends recently got his gmail and facebook accounts hacked. The hacker changed his passwords and security questions, etc.. and now he can no longer access his accounts. For him this particularly hurts because he runs his small business through his gmail and facebook accounts. I mean to say that all of his contacts, documents, and calendar of job appointments are all gone to him.

He's utterly devastated, and gmail and facebook can't/won't confirm that he actually was the proper owner of the accounts and will not help him.

The most likely scenario that we've come up with is that his account information was sniffed when he (often) used open unsecured public wifi, like in a cafe or airport, etc.

Got me thinking about all the times that I've used unsecured open wifi in lord-knows-where on anchor. Got me to thinking about all of my cruising friends who run internet businesses and conduct their entire online lives via wifi.

So, I've enhanced the security settings on all my accounts, come up with very difficult new passwords and got some other strong security measures now, but I'm sure that there is more that could be done. I particularly like the new feature that you can enable on gmail and facebook that requires you to receive a txt message code on your phone to enable accessing your account from a new computer. I also use my work VPN whenever I have to access my bank accounts and credit cards, etc.

Anyone ever had their account information or identity stolen while cruising and using unknown wifi networks? What security measures do you all take to protect yourselves? What would you recommend to a friend who is just getting into cruising and is planning to run their lives from a computer while afloat? Maybe we can come up with a "best practices" for wifi use for cruisers or something.
chrisncate likes this.
__________________
Living, Loving, & Cruising on a 1968 Islander 37' sloop:
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Reply With Quote Share with Facebook
  #2  
Old 02-17-2012
Senior Member
 
Join Date: Jan 2010
Location: Boston, MA
Posts: 522
Thanks: 2
Thanked 1 Time in 1 Post
Rep Power: 5
rmeador is on a distinguished road
The #1 thing to do is ALWAYS use HTTPS/SSL/TLS (those are all names for the same thing; if the web address starts with "https" instead of "http", you're good). This encrypts all the traffic to the server, so even on an open wifi network, the best someone eavesdropping on you could tell is what site you're connecting to, not what you're sending. Many sites that default to "http" will still work fine if you change it to "https" in the address bar of your browser. Some sites, like gmail, offer a setting to force HTTPS in their settings page.

The #2 thing is link your cell phone to your account. Gmail does this, and I think facebook does too. That way, when you lose your password, you can reset it by getting a text. Gmail also offers "two step verififcation" authentication which is much more secure, and I believe this is what you alluded to before about receiving a text to authorize a new computer (this is distinct from the password recovery feature, AFAIK).

Using a VPN when on an open wifi network is also a very, very good idea.
__________________
1979 Gulfstar 37 Laissez Faire
Reply With Quote Share with Facebook
  #3  
Old 02-17-2012
PBzeer's Avatar
Wandering Aimlessly
 
Join Date: Nov 2002
Location: Cruising
Posts: 19,914
Thanks: 0
Thanked 81 Times in 78 Posts
Rep Power: 14
PBzeer has a spectacular aura about PBzeer has a spectacular aura about PBzeer has a spectacular aura about
I have to admit that I much prefer using a paid account (Verizon in my case). As a coastal cruiser, it keeps me connected where ever a cellphone can connect. Which is great for weather updates, advance info on marinas/stores and simply keeping in contact. The convenience to me, is worth the cost.
__________________
John
Ontario 32 - Aria

Free, is the heart, that lives not, in fear.
Full, is the spirit, that thinks not, of falling.
True, is the soul, that hesitates not, to give.
Alive, is the one, that believes, in love.
JCP


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
- Website & Blog

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Reply With Quote Share with Facebook
  #4  
Old 02-17-2012
way-happy's Avatar
was "wee happy"
 
Join Date: Oct 2011
Location: St. Augustine, FL
Posts: 29
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0
way-happy is on a distinguished road
Acknowledged: a cell phone 3g/4g based network card for a laptop or an iPad, etc is definitely better than using an open WiFi network. But, they are limited to 5-10 miles offshore and are only usable in the country where purchased, right?

As soon as we left Florida we couldn't use the iPad 3G any where in the Bahamas, but WiFi was available lots of places. Its a great tool for when you are in your home country, for sure, but when it is no longer available Wifi often still is the only option.
__________________
Living, Loving, & Cruising on a 1968 Islander 37' sloop:
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Reply With Quote Share with Facebook
  #5  
Old 02-17-2012
travlineasy's Avatar
Morgan 33 O.I. Perryville
 
Join Date: Dec 2010
Location: Maryland
Posts: 2,267
Thanks: 3
Thanked 55 Times in 45 Posts
Rep Power: 4
travlineasy will become famous soon enough
Gmail had lots of problems with hackers during the past several months, and it wasn't limited to Wi-Fi. I knows of a half dozen individuals who were hacked and ended up deleting the account because of the hacker problem.

Good luck,

Gary
Reply With Quote Share with Facebook
  #6  
Old 02-17-2012
kd3pc's Avatar
Senior Member
 
Join Date: Oct 2006
Location: Callao, VA
Posts: 1,332
Thanks: 0
Thanked 8 Times in 8 Posts
Rep Power: 8
kd3pc is on a distinguished road
me thinks you are assuming a lot thinking that by YOU using only https, you are fully protected, even the httpsEverywhere people will tell you that unless ALL points between you and the target surver are secure....things can and will go awry...pages will often appear different using https as opposed to http, as some apps do not play well in the https world. Certainly most of the payment/ordering transactions are handled via https...but that information is NOT the only information that I would want protected. Often times you have signed in and authenticated in the clear to a non https server, before being trounced to a secure server...

read up on man in the middle, spoofing, and end to end encryption....certificate fraud, mispellings on certificates, etc

it is also very important to SIGN out, just like you sign in and clear/close the screen or session...persistent cookies and sessions...

then there is the whole unsecured wifi...NEVER use a network that YOU don't know personally to transact business or personal information transactions. They are a meat market for hackers.

As touch free credit cards, credit card apps, and 100% info on your smartphone become more useful, the hackers will move there quickly, as security is no longer important to the seller....it SHOULD be for the user, but most users don't know the first thing about securing their device, let alone the myriad apps that pump their information to an increasingly insecure infrastructure.

The only valid assumption is that all public/free wifi networks are not protected in any way at all, or worse, are a collection point for YOUR information. Use at your own risk, no one is protecting your data, ever....worse outside the states...as the rules and requirements are either non-existent or different than those of the US

YMMV

Last edited by kd3pc; 02-17-2012 at 10:08 AM. Reason: typos
Reply With Quote Share with Facebook
  #7  
Old 02-17-2012
Senior Member
 
Join Date: Jan 2010
Location: Boston, MA
Posts: 522
Thanks: 2
Thanked 1 Time in 1 Post
Rep Power: 5
rmeador is on a distinguished road
HTTPS guarantees an end-to-end encrypted connection (if some server in the middle is decrypting it, you will get a certificate error). You should not proceed if you get a certificate error, of course. Yes, there is a problem with forged certificates, but that is exceedingly rare, and it does not at all relate to open wifi network usage. Your data would be just as compromised in that case if you were on encrypted wifi or hardwired ethernet.

You are correct that many web sites will start out as HTTP and then only redirect you to HTTPS when you go to pay -- this is a problem, and many website operators have recognized this and now offer their entire site on HTTPS (you just have to edit it in the address bar). They may offer their entire site through HTTPS without even realizing they're doing so. But do beware of sites that will redirect you from HTTPS to HTTP after you log in, or ones that mix HTTP and HTTPS content on a single page (most browsers will pop up a message in this case saying "some items on this page are not secure").
SVAuspicious and AdamLein like this.
__________________
1979 Gulfstar 37 Laissez Faire
Reply With Quote Share with Facebook
  #8  
Old 02-17-2012
Senior Member
 
Join Date: Feb 2005
Posts: 1,077
Thanks: 1
Thanked 1 Time in 1 Post
Rep Power: 10
sawingknots is on a distinguished road
i'm older and decidedly stupid pertaining to computors and the internet i just resently had my credit card compromised luckily the card company noticed that the trasactions were strange and notified me and declinded the charges,actually i use my c.card very little,i don't know if my pc was hacked or if the culprit was some business employee that had access to my info,i'm always hesitant about buying stuff online using my c.card
Reply With Quote Share with Facebook
  #9  
Old 02-17-2012
kd3pc's Avatar
Senior Member
 
Join Date: Oct 2006
Location: Callao, VA
Posts: 1,332
Thanks: 0
Thanked 8 Times in 8 Posts
Rep Power: 8
kd3pc is on a distinguished road
Quote:
Originally Posted by rmeador View Post
But do beware of sites that will redirect you from HTTPS to HTTP after you log in, or ones that mix HTTP and HTTPS content on a single page (most browsers will pop up a message in this case saying "some items on this page are not secure").
as well as sites that use a lot of images...few, if any are secure...ala wikipeadia uses a decent https setup, but the minute you pull an image in, it is an http connection...

images are very tough to guarantee secure....

good points to add, thanks
Reply With Quote Share with Facebook
  #10  
Old 02-17-2012
PBzeer's Avatar
Wandering Aimlessly
 
Join Date: Nov 2002
Location: Cruising
Posts: 19,914
Thanks: 0
Thanked 81 Times in 78 Posts
Rep Power: 14
PBzeer has a spectacular aura about PBzeer has a spectacular aura about PBzeer has a spectacular aura about
As to e-mail and any info I want to maintain on the net, I reserve my website hosted e-mail for "valued" contacts, and yahoo for all else. And while I could store info on the website, I prefer keeping it on an external hard drive.

You can access Verizon in the Bahamas, but you need to set it up before going. Countries Where Any Verizon Wireless Phone Will Work
__________________
John
Ontario 32 - Aria

Free, is the heart, that lives not, in fear.
Full, is the spirit, that thinks not, of falling.
True, is the soul, that hesitates not, to give.
Alive, is the one, that believes, in love.
JCP


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
- Website & Blog

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Reply With Quote Share with Facebook
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

 
Posting Rules
You may post new threads
You may post replies
You may post attachments
You may edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On


Similar Threads
Thread Thread Starter Forum Replies Last Post
Security While Cruising In Dangerous Places shamrock6 Cruising & Liveaboard Forum 89 03-24-2010 10:26 PM
WiFi for the Cruising Sailor sailingdog Electronics 12 07-30-2009 10:21 AM
Wifi jrd22 Gear & Maintenance 42 06-17-2009 12:51 PM
WiFi firstafair General Discussion (sailing related) 4 11-17-2007 02:34 PM
Wifi mallo Gear & Maintenance 3 03-21-2007 10:09 AM


All times are GMT -4. The time now is 10:33 PM.

Add to My Yahoo!         
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO 3.6.1
(c) Marine.com LLC 2000-2012

The SailNet.com store is owned and operated by a company independent of the SailNet.com forum. You are now leaving the SailNet forum. Click OK to continue or Cancel to return to the SailNet forum.