|Topic Review (Newest First)|
|03-08-2012 06:59 PM|
Re: Security while using WiFi while cruising
Originally Posted by RobGallagher View Post
|03-08-2012 06:56 PM|
Re: Security while using WiFi while cruising
Someone correct me if I'm wrong because I'm no expert...
Cutting and pasting passwords that are pre-typed and stored somewhere (thumb drive or online storage) will stop keystroke loggers from getting the information.
|02-20-2012 05:03 PM|
There's a neat little program named "NoScript" that works with Firefox to stop sites from planting any cookies/scripts on your computer that you do not permit. Sometimes it's a PITA trying to identify which of the HUNDREDS of scripts to allow but it seems to keep most of the tracking crap out of the computer.
I never keep sensitive information stored on my computer. Even if it were hacked, there would be nothing of value as far as passwords, account numbers, etc. Flash drives are good for storing anything you don't want to be accessible.
Using any public wifi is crazy. While cruising it's a real hassle trying to transact anything online. Getting all your bill-paying done via auto-pay methods and planning to buy stuff only ashore are ways to minimize id theft. NEVER send a debit card number connected to your bank account into cyberspace.
|02-20-2012 04:09 PM|
If you use a two-factor (or three-factor) authentication scheme on a public terminal, then you prevent later attacks, however, you may still have shared other confidential information during THIS session.
Often it is easier to install malware on a backend server as they often don't have the same level of hardening (firewalls, antivirus software) because you often assume that is done at the perimeter devices.
Point being, VPN's have their place but they are complicated, harder to secure and would be overkill for your average cruiser - and they do not take care of the #1 risk factor of using public terminals.
There are tools to help prevent this; For us Linux users, try Fail2Ban - it stops hundreds of attackers on my network daily. For Windows users, they often rely on devices like Linksys or Netgear routers... I don't know what features they have for preventing dictionary attacks on systems like VNC/RemoteDesktop software.
The message is still "never ever ever never ever use public terminals."
You must watch things like having your password mailed to your phone; If you happen to lose your phone (unlocked) someone can check your e-mail, request a password change on your app (Facebook?) and have the password sent to the phone that they have stolen. Now they have your phone, your e-mail account and your Facebook account.
They key message through all of this is that there is *NO METHOD* for protecting yourself if you choose to use a public terminal. Don't do it. Don't login to your e-mail, web bank account or even Facebook from someone else's machine. Don't do it.
When you use your own machine, you simply need to practice safe web browsing.
1. Login to only SSL sites
2. Do not open strange attachments
3. Be very sure you only connect to known WiFi networks; If you have a low-limit credit card, use that.
4. Windows users: Ensure you have your antivirus up to date, firewall enabled and file sharing, desktop sharing and peer-to-peer sharing disabled. Don't forget your other services.
5. Linux users: Ensure you know what daemons/servers you have running, use IPTables firewalls for added safety and particularly use Fail2Ban.
6. Mac users: Hmmm, sorry, I'm not a mac user. I bet the linux advice applies to you as well.
7. Separate the fear (FUD) from actual threats. Don't bury your head in the sand or throw the dice with your choices because this subject sounds complicated or scary.
I hope this helps at least one person.
|02-20-2012 03:35 PM|
Originally Posted by Minnewaska View Post
I think someone is trying to scare you with the information about Facebook.
It is possible to trick people into downloading and executing a virus from Facebook links. However, using Facebook in itself cannot deliver a viral payload without the user performing some action (i.e. opening infected files or links).
Assuming people use basic safety sense; Antivirus, firewall and not opening strange attachments, it is highly unlikely you'll infect your own machine with a virus. I wouldn't spend any time worrying about viruses (including key loggers) if you practice safe browsing.
The use of key loggers is mostly seen on public terminals (web cafe's, hotel lobbies, libraries etc) because of the ease-of-access to these machines. Your personal/private laptop is difficult to reach where public terminals are easy pickings.
|02-20-2012 01:47 PM|
Originally Posted by shanedennis View Post
The original premise of this thread was that someone hijacked a set of account using a WiFi connection. I have been rolling this over and have come up with the following.
1. Presuming you are using your own computer make sure that network and file sharing are turned off. I don't know how many times I have checked into a hotel and found lots of computers used by the guests in the hotel. You would be amazed (or maybe not) what people store in their shared folders.
2. The reason I asked about VPN's was because if you have a business computer server you could tunnel to it. Yes, you do go outside from you server but one presumes it would be harder to install malware on the server.
3. Another option that might be useful would be a tool like "go to my PC." Of course this would not work on a shared computer (the keystroke logger problem still exists) but if you are using your own machine I believe you would have end to end encryption to your home computer.
4. Don't use web based access. I know that the "cloud" is the big thing these days, but for example financial transactions are a lot safer when downloaded to Quicken then when accessed on the web.
5. If you are somewhere that has decent cell phone coverage use two stage logons where possible. This is where you log on, the vendor sends your cell phone an access code, and you have to type the access code to gain access to your account. This system is now commonplace in the gaming community since hacking accounts is considered by some to be just another game. The other advantage is you know within seconds if someone is trying to get into your account.
6. And to repeat the advice of many - if you have stuff to protect use a single computer to only go to those sites. Don't expect to cruise around Facebook or Google or Yahoo and then go do your banking on the same computer and have any sense of security.
7. You are right about PKI. I do have a certificate but so few people do that the ability to send encrypted email and so forth is very limited. Also I don't know how to use the certificate with something like web based email - Outlook does send it and the receiver gets a message that I am who I say I am. But if I sent the same message from Google Web no such validation exists.
|02-19-2012 04:22 PM|
1. The other end of the VPN tunnel is a private, secure network. There is little to be gained using a VPN for browsing the public internet because your submissions always have to leave your your private network and travel over the public internet to reach public sites (eg: your bank). VPNs are intended to secure private networks only. The other end of the VPN is the secure, private network you want to connect to. For example, your bank may have a VPN which allows their employees to securely work from home but for security reasons they are never going to let their customers use it.
2. Good idea! Until that happens SSL certificates (https) serve the same purpose. As log as you ensure the domain name of your site is correct and you heed "invalid certificate" warning messages the SSL certificate provide extremely secure communications.
Remember, the internet, by it's very nature, is public and subsversive. It was designed to be an indestructible public network. This is why the Chinese, Egyptians, Syrians, Libyans etc have such a hard time controlling it. The best way to ensure your own security is to keep your computers free of spyware and ensure any sites you are communicating sensitive information with use SSL (https).
This is starting to feel way too much like my worklife. Time for me to check out of this thread and escape back into sailing stuff.
|02-19-2012 02:10 PM|
|Chkm8||Hi ALL .. setup Gmail Yahoo and Facebook to send password info to your cell phone hacker can't get that very easy and you can always recover it and set a delete password for old files for backup and download a copy of contacts. This gives you proof of info! It can be Done .. Paul|
|02-19-2012 02:01 PM|
|Minnewaska||I'm told that key loggers are commonly embedded in sites like Facebook. You can connect to that or any other website as securely as you like, but that wont prevent the infection. The virus will simply be transferred to you over a secure connection. Doh!|
|02-19-2012 01:46 PM|
Originally Posted by JordanH View Post
1. Presuming you are a regular cruiser who do you get to host the other end of a VPN tunnel?
2. There has been no discussion of PKI. Would a personal certificate help, particularly for someone running a business from their boat? I was hoping that some of the financial institutions would become certificate authorities as a service to their customers. Don't know of any now that do.
A penny (which you have to come and find me to collect) for your thoughts.
|This thread has more than 10 replies. Click here to review the whole thread.|