Should I avoid public hotspots without WPA?

I've been told that I run a giant security risk if I use a public Wi-Fi
location for anything unless it uses WPA or WPA2. Is that true?

Thanks.

On Sun, 5 Jun 2005 23:31:29 -0700, "Someone" <(E-Mail Removed)>
wrote:

>I've been told that I run a giant security risk if I use a public Wi-Fi
>location for anything unless it uses WPA or WPA2. Is that true?

Not true. Not even close. Most (not all) public hot spots use no
encryption at all. They wouldn't be public if they did. Some coffee
shops, that charge for wireless service, do use WEP64 or WEP128
encryption. When a customer pays, he gets told the secret WEP key of
the day. That's not much security if everyone in the coffee shop
knows the encryption key.

Your main risk in such a public hot spot is sniffing. An evil person,
such as myself, can sniff your traffic and extract your email, logins,
passwords, and such. If you're concerned about security, it's best to
check if your ISP has a VPN server available, and do all your surfing
through the encrypted VPN tunnel. 2nd best is checking your email via
SSH2, SSL, or other form of web browser encryption. That means using
webmail instead of a MUA such as Eudora, Thunderbird, Outlook or,
Outlook Express.

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558

Jeff Liebermann wrote:

> On Sun, 5 Jun 2005 23:31:29 -0700, "Someone" <(E-Mail Removed)>
> wrote:
>
>>I've been told that I run a giant security risk if I use a public Wi-Fi
>>location for anything unless it uses WPA or WPA2. Is that true?
>
> Not true. Not even close. Most (not all) public hot spots use no
> encryption at all. They wouldn't be public if they did. Some coffee
> shops, that charge for wireless service, do use WEP64 or WEP128
> encryption. When a customer pays, he gets told the secret WEP key of
> the day. That's not much security if everyone in the coffee shop
> knows the encryption key.
>
> Your main risk in such a public hot spot is sniffing. An evil person,
> such as myself, can sniff your traffic and extract your email, logins,
> passwords, and such. If you're concerned about security, it's best to
> check if your ISP has a VPN server available, and do all your surfing
> through the encrypted VPN tunnel. 2nd best is checking your email via
> SSH2, SSL, or other form of web browser encryption. That means using
> webmail instead of a MUA such as Eudora, Thunderbird, Outlook or,
> Outlook Express.
>

damn, jeff, thats sweet. tell it like it is and be truthful(an evil person,
such as myself). hell, ain't nothin' wrong with hackin'. its good for
security. America needs more like you. LOL

--redpIll

Someone wrote:

> I've been told that I run a giant security risk if I use a public Wi-Fi
> location for anything unless it uses WPA or WPA2. Is that true?
>

You can find an VPN ISP that you can use and set-up a software VPN solution
between the client VPN software on you machine and the VPN sever software
at the ISP for a secure wireless connection.

Duane

Someone <(E-Mail Removed)> wrote:
> I've been told that I run a giant security risk if I use a public Wi-Fi
> location for anything unless it uses WPA or WPA2. Is that true?

Other than T-Mobile, I don't think there are any public hotspots that use
WPA or WPA2. Most are wide open, so people can connect easily.

Boingo.com and sonic.net offer VPN, which secures your traffic from the
laptop to their server. This would work even if you were connecting via
someone else's hotspot. This protects against someone hacking the
coffeeshop infrastructure. You might have access to a VPN connection at
your work.

You should always run a personal firewall to help prevent someone from
attacking your system while connected directly to the internet. Most
hotspots already provide some hardware firewall between you and the
internet. Your personal firewall would also protect you from certain
people on the same hotspot.

--
---
Clarence A Dold - Hidden Valley (Lake County) CA USA 38.8,-122.5

On 6-Jun-2005, "Someone" <(E-Mail Removed)> wrote:

> I've been told that I run a giant security risk if I use a public Wi-Fi
> location for anything unless it uses WPA or WPA2. Is that true?
>
> Thanks.

With the exception of being targeted for sniffing purposes, don't be afraid
of wireless public hotspots. Most of them do not provide encryption. With
that in mind, if you do decide to surf the internet via a public hotspot,
please make sure that you don not have "file and print sharing" enabled. If
you do, make sure you have it set up to where a username and password is
required to access the shares.

--
Just Me, D