Commercial HotSpots & Security...

hi there

i have a question.... if i subscribed to something like Boingo, or any
other hotspot/wifi provider, would i have to be concerned with ftp'ing,
checking my e-mail, etc in a boingo hotspot? can the passwords to my ftp
server/email server be sniffed out, or does Boingo create some sort of
encrypted connection, or... should i never do anything that involves
passwords in public?

thanks

On Wed, 08 Oct 2003 14:22:45 -0500, Good Man <(E-Mail Removed)> declared:

>hi there
>
>i have a question.... if i subscribed to something like Boingo, or any
>other hotspot/wifi provider, would i have to be concerned with ftp'ing,
>checking my e-mail, etc in a boingo hotspot? can the passwords to my ftp
>server/email server be sniffed out, or does Boingo create some sort of
>encrypted connection, or... should i never do anything that involves
>passwords in public?
>
>thanks

You should invest in a personal firewall solution for your PC. In short, the
answer is yes to your questions.
----------------------------------------
~ ghostmagic ~ I see stupid people...

In article <Xns940E9C7283362sonicyouth@206.127.4.10>, (E-Mail Removed)
says...
> hi there
>
> i have a question.... if i subscribed to something like Boingo, or any
> other hotspot/wifi provider, would i have to be concerned with ftp'ing,
> checking my e-mail, etc in a boingo hotspot? can the passwords to my ftp
> server/email server be sniffed out, or does Boingo create some sort of
> encrypted connection, or... should i never do anything that involves
> passwords in public?

Yes. FTP and POP3 protocols transmit your login and password information
in the clear.

WEP will provide a modicum of security by encrypting the wireless
portion of your traffic, but cracking WEP is a relatively trivial
exercise.

Alas, many, if not most public hotspots use no WEP encryption at all.

Good Man <(E-Mail Removed)> wrote:
> i have a question.... if i subscribed to something like Boingo, or any
> other hotspot/wifi provider, would i have to be concerned with ftp'ing,
> checking my e-mail, etc in a boingo hotspot? can the passwords to my ftp
> server/email server be sniffed out, or does Boingo create some sort of
> encrypted connection, or... should i never do anything that involves
> passwords in public?

There is no encryption added. The public hotspots don't use WEP.
Boingo, in particular, offers a VPN service that is additional to the
access subscription price. This offers encryption from you through the
wireless portion to their VPN server.

Without that, if you are reading email via an https web page that may all
be encrypted, I'm not sure. ftp and telnet send passwords in the clear.
You might want to use ssh instead of telnet to at least get to your ISP
with some encryption.

I usually connect with my VPN to my company network and then from there
onto the internet.

Having a personal firewall on any wireless-equipped laptop is a good
thing, but it does nothing to prevent someone from sniffing the traffic.
It only helps prevent having someone attack your PC.


--
---
Clarence A Dold - Hidden Valley (Lake County) CA USA 38.8-122.5

(E-Mail Removed) wrote in news:bm2gmb$18s$(E-Mail Removed):

> Without that, if you are reading email via an https web page that may
> all be encrypted, I'm not sure. ftp and telnet send passwords in the
> clear. You might want to use ssh instead of telnet to at least get to
> your ISP with some encryption.
>
> I usually connect with my VPN to my company network and then from
> there onto the internet.

man, whats the point of these hotspots then!? to 'surf' the web for
fun? i thought there was some notion of productivity involved, meaning
going out and getting work done, which usually would require an internet
connection and semi-private/sensitive data. does the term 'public
hotspot' really mean 'hacker haven'? i'm guessing people are typing
email passwords unencrypted all the time....

could i set up my home XP Pro computer (behind a Linksys BEFW11S4
router) to be a VPN server to achieve what you do? might you be able
to point me to some settings?

thanks.

Good Man <(E-Mail Removed)> wrote:

> could i set up my home XP Pro computer (behind a Linksys BEFW11S4
> router) to be a VPN server to achieve what you do? might you be able
> to point me to some settings?

Any serious business that allows access to its internal network from the
internet better be doing it via VPN.

Surfing the 'net probably isn't interesting enough for anyone to want to
sniff the packets. And it's just as secure as using a public computer or
connection in a coffee shop or hotel, where you don't know what devices may
be sniffing the wired connection.


You can set up some VPN server on your home computer, but can you get to it
at all from the internet now? Then so can everyone else. Getting there
from a wireless connection doesn't make it less secure.

There are also routers that contain VPN servers. The SMC7004WFW that
I have offers a VPN server built into the router.

--
---
Clarence A Dold - Hidden Valley (Lake County) CA USA 38.8-122.5

"Good Man" <(E-Mail Removed)> wrote in message
news:Xns940EECE87264sonicyouth@206.127.4.10...
> (E-Mail Removed) wrote in news:bm2gmb$18s$(E-Mail Removed):
>
> > Without that, if you are reading email via an https web page that may
> > all be encrypted, I'm not sure. ftp and telnet send passwords in the
> > clear. You might want to use ssh instead of telnet to at least get to
> > your ISP with some encryption.
> >
> > I usually connect with my VPN to my company network and then from
> > there onto the internet.
>
> man, whats the point of these hotspots then!? to 'surf' the web for
> fun? i thought there was some notion of productivity involved, meaning
> going out and getting work done, which usually would require an internet
> connection and semi-private/sensitive data. does the term 'public
> hotspot' really mean 'hacker haven'? i'm guessing people are typing
> email passwords unencrypted all the time....
>
> could i set up my home XP Pro computer (behind a Linksys BEFW11S4
> router) to be a VPN server to achieve what you do? might you be able
> to point me to some settings?
>
> thanks.

It's very productive and very secure.. Where have you been?

In article <Xns940EECE87264sonicyouth@206.127.4.10>,
Good Man <(E-Mail Removed)> wrote:

> man, whats the point of these hotspots then!? to 'surf' the web for
> fun? i thought there was some notion of productivity involved, meaning
> going out and getting work done, which usually would require an internet
> connection and semi-private/sensitive data. does the term 'public
> hotspot' really mean 'hacker haven'? i'm guessing people are typing
> email passwords unencrypted all the time....

If you have work to do that's private you use ssh, VPNs, secure tunnels,
whaterver. The same protocals you use at home when doing private work.

You wouldn't log into your email using pop in the clear at home, no
different at a public hotspot.

In article <Xns940EECE87264sonicyouth@206.127.4.10>, (E-Mail Removed)
says...
> (E-Mail Removed) wrote in news:bm2gmb$18s$(E-Mail Removed):
>
> > Without that, if you are reading email via an https web page that may
> > all be encrypted, I'm not sure. ftp and telnet send passwords in the
> > clear. You might want to use ssh instead of telnet to at least get to
> > your ISP with some encryption.
> >
> > I usually connect with my VPN to my company network and then from
> > there onto the internet.
>
> man, whats the point of these hotspots then!? to 'surf' the web for
> fun? i thought there was some notion of productivity involved, meaning
> going out and getting work done, which usually would require an internet
> connection and semi-private/sensitive data. does the term 'public
> hotspot' really mean 'hacker haven'? i'm guessing people are typing
> email passwords unencrypted all the time....
>
> could i set up my home XP Pro computer (behind a Linksys BEFW11S4
> router) to be a VPN server to achieve what you do? might you be able
> to point me to some settings?
>
> thanks.
>
Here's a link to a decent white paper on security/hot spots.

*
Perhaps the most significant development in enterprise remote access
since the adoption of VPN technologies is the use of high-speed
?hotspots?. Wireless is quickly becoming the access mechanism of choice
for the mainstream and is no longer limited to early adopters. Chances
are many of your employees are active hotspot users even if corporate
security policies forbid wireless. Most network administrators don?t
know if employees are accessing corporate resources through wireless
?hotspots?, or whether they are using wireless technologies responsibly.
What behavioral changes may be warranted by your users, administrators,
executives to identify and mitigate the security issues found in hostile
environments?

http://www.atstake.com/research/repo...an_hotspots.pd
f

(watch out for line wrap above)

---Matthew

Good Man <(E-Mail Removed)> wrote in
news:Xns940E9C7283362sonicyouth@206.127.4.10:

> hi there
>
> i have a question.... if i subscribed to something like Boingo, or any
> other hotspot/wifi provider, would i have to be concerned with
> ftp'ing, checking my e-mail, etc in a boingo hotspot? can the
> passwords to my ftp server/email server be sniffed out, or does Boingo
> create some sort of encrypted connection, or... should i never do
> anything that involves passwords in public?
>
> thanks

boingo client supports VPN, so you'r safe