Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Open network WIFI security
New Posts  All Forums:Forum Nav:

Open network WIFI security

post #1 of 11
Thread Starter 
How does security work when you connect to an open network that doesn't use any encryption, and those that use encryption, where you connect to their WIFI and then acknowledge the use with a confirmation on their website, before you can use internet.

I'm concerned with passwords being sniffed or picked up. Can they pick up a password if you don't enter it? I mean if your mobile phone have a widget of Facebook and the pass is already known for the widget, and the widget updates news... will the pass go through the network and be exposed to those that can pick it up?
Edited by nicoliani - 12/10/12 at 8:07am
post #2 of 11
Yeah, it's not the entering, it's the transmission of data that could be picked up.

That said, encrypted traffic (i.e. using the https protocol) is ok if I understand correctly.....
Little Beast
(12 items)
 
Black 'n' blue II
(15 items)
 
 
CPUGraphicsRAMHard Drive
Intel Core i7-4710MQ Nvidia Geforce GTX860M 2GB 16GB Kingston DDR3 1600MHz 240Gb Silicon Power S55/S60 SSD 
Hard DriveOSOSMonitor
1Tb Toshiba HDD 5400rpm Windows 8.1 Linux Mint 18 17.3" LED 1920x1080 
CaseMouseMouse PadAudio
PCSpecialist Optimus V ST17-860 Logitech MX518 Steelseries QcK Creative HS800 Fatal1ty 
CPUMotherboardGraphicsRAM
Core i7 860 @ 1.25V MSI P55-GD65 Xpertvision Radeon HD4850 4GB G.Skill Ripjaw 
Hard DriveOptical DriveCoolingOS
150Gb Velociraptor & 1Tb WD Caviar Black Opticon Lightscribe DVD-RW DL Noctua NH-U12P SE2 Vista Home Premium x64 
MonitorKeyboardPowerCase
Hyundai BlueH H224W 22" LCD Saitek Eclipse II Thermaltake Purepower RX 550 Galaxy III 
Mouse
Patuoxun optical gaming mouse 3200dpi 
  hide details  
Reply
Little Beast
(12 items)
 
Black 'n' blue II
(15 items)
 
 
CPUGraphicsRAMHard Drive
Intel Core i7-4710MQ Nvidia Geforce GTX860M 2GB 16GB Kingston DDR3 1600MHz 240Gb Silicon Power S55/S60 SSD 
Hard DriveOSOSMonitor
1Tb Toshiba HDD 5400rpm Windows 8.1 Linux Mint 18 17.3" LED 1920x1080 
CaseMouseMouse PadAudio
PCSpecialist Optimus V ST17-860 Logitech MX518 Steelseries QcK Creative HS800 Fatal1ty 
CPUMotherboardGraphicsRAM
Core i7 860 @ 1.25V MSI P55-GD65 Xpertvision Radeon HD4850 4GB G.Skill Ripjaw 
Hard DriveOptical DriveCoolingOS
150Gb Velociraptor & 1Tb WD Caviar Black Opticon Lightscribe DVD-RW DL Noctua NH-U12P SE2 Vista Home Premium x64 
MonitorKeyboardPowerCase
Hyundai BlueH H224W 22" LCD Saitek Eclipse II Thermaltake Purepower RX 550 Galaxy III 
Mouse
Patuoxun optical gaming mouse 3200dpi 
  hide details  
Reply
post #3 of 11
If passwords are sent in plaintext, anyone could pick them out.

Check the sites you're logging into for for HTTPS/SSL,

A good practice, that I personally use, is to connect to a known secure system via SSH and create a secure tunnel. This way all your data is safe(r).
    
CPUMotherboardGraphicsRAM
Intel Overdrive 486DX4 100Mhz Digital Venturis 466 S3 Trio 32 1MB 68MB 72 Pin SIMMs 
Hard DriveOptical DriveOSMonitor
1.2Gb & 270Mb 32X CD-ROM Windows 98 SE LG 23" Flatron 
KeyboardPowerCaseMouse
Microsoft PS/2 Lite-On Digital Venturis 466 Logitech PS/2 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
Intel Overdrive 486DX4 100Mhz Digital Venturis 466 S3 Trio 32 1MB 68MB 72 Pin SIMMs 
Hard DriveOptical DriveOSMonitor
1.2Gb & 270Mb 32X CD-ROM Windows 98 SE LG 23" Flatron 
KeyboardPowerCaseMouse
Microsoft PS/2 Lite-On Digital Venturis 466 Logitech PS/2 
  hide details  
Reply
post #4 of 11
Anyone can sit outside and capture a bunch of packets out of the air for plaintext data without even authenticating to the network. On an open or WEP network this is trivial.
Quote:
I'm concerned with passwords being sniffed or picked up. Can they pick up a password if you don't enter it?
If it's a cleartext authentication, the fact you have an automated login is irrelevant. The password would still be visible. Even with things like Facebook without SSL, you can capture the cookie of a user and be logged in as them without even knowing a password.
Quote:
Originally Posted by killabytes View Post

A good practice, that I personally use, is to connect to a known secure system via SSH and create a secure tunnel. This way all your data is safe(r).

This.
Waiting on X399
(13 items)
 
  
CPUMotherboardGraphicsRAM
AMD Phenom II B57 @ X4 3.9 Gigabyte 790FXTA-UD5 Sapphire Radeon 290 8 GB G.Skill 2133 
Hard DriveCoolingOSKeyboard
250 GB 840 EVO Noctua NH-D14 Windows 10 Logitech K350 
PowerCaseMouseMouse Pad
Seasonic x750 Corsair 600T Logitech G100s Razer Goliathus Speed 
Audio
Plantronics Gamecom 788 
  hide details  
Reply
Waiting on X399
(13 items)
 
  
CPUMotherboardGraphicsRAM
AMD Phenom II B57 @ X4 3.9 Gigabyte 790FXTA-UD5 Sapphire Radeon 290 8 GB G.Skill 2133 
Hard DriveCoolingOSKeyboard
250 GB 840 EVO Noctua NH-D14 Windows 10 Logitech K350 
PowerCaseMouseMouse Pad
Seasonic x750 Corsair 600T Logitech G100s Razer Goliathus Speed 
Audio
Plantronics Gamecom 788 
  hide details  
Reply
post #5 of 11
Quote:
How does security work when you connect to an open network that doesn't use any encryption, and those that use encryption, where you connect to their WIFI and then acknowledge the use with a confirmation on their website, before you can use internet.


An open network or a locked network does not mean your data transmitted is encrypted. It simply means that the key used to access the network is encrypted (WEP, WPA1/2- PSK, AES-TKIP).

Once you have a key to access the network, data transferred can be viewed. However it is up to you on how that data is transferred. if you send a password over HTTP with no encryption, then yes, it can be seen regardless of open or closed wireless authentication. You have to make sure your connection is transferred over HTTPS/SSL/TLS not the coffee shop you pass by.


I would also second using an encrypted VPN tunneled connection your mobile or laptop device when you connect to these networks.
Pwnisher
(15 items)
 
Small Hoss
(14 items)
 
 
CPUMotherboardGraphicsRAM
Intel i7 3770k GIGABYTE GA-Z77X-UP4 TH GTX 460 SE 16GB Samsung MV-3V4G3D/US 
Hard DriveHard DriveOptical DriveCooling
120GB Agility 3 1.5TB Seagate Barracuda LG 14x Blu-ray burner Corsair H100i 
OSMonitorKeyboardPower
Windows 8 Professional Dell Ultrasharp U2410 Logitech Illuminated keyboard Kingwin LZP-750 
CaseMouseMouse Pad
Corsair 650D Logitech G500 RadPadz XT 
CPUMotherboardGraphicsGraphics
Intel Core i3 540 @ 4.2GHz 1.328v Gigabyte GA-P55-UD4P EVGA GTX 460 SE SLI EVGA GTX 460 SE SLI 
RAMHard DriveOSMonitor
G.Skill 8GB 4x 2GB DDR3 OCZ Agility 3 120GB SSD Windows 7 Professional Dell Ultrasharp U2410 sRGB 
KeyboardPowerCaseMouse
Logitech Illuminated Keyboard PC Power & Cooling 750w Antec 1200 Logitech G500 
Mouse PadAudio
RatPadz OnBoard 
  hide details  
Reply
Pwnisher
(15 items)
 
Small Hoss
(14 items)
 
 
CPUMotherboardGraphicsRAM
Intel i7 3770k GIGABYTE GA-Z77X-UP4 TH GTX 460 SE 16GB Samsung MV-3V4G3D/US 
Hard DriveHard DriveOptical DriveCooling
120GB Agility 3 1.5TB Seagate Barracuda LG 14x Blu-ray burner Corsair H100i 
OSMonitorKeyboardPower
Windows 8 Professional Dell Ultrasharp U2410 Logitech Illuminated keyboard Kingwin LZP-750 
CaseMouseMouse Pad
Corsair 650D Logitech G500 RadPadz XT 
CPUMotherboardGraphicsGraphics
Intel Core i3 540 @ 4.2GHz 1.328v Gigabyte GA-P55-UD4P EVGA GTX 460 SE SLI EVGA GTX 460 SE SLI 
RAMHard DriveOSMonitor
G.Skill 8GB 4x 2GB DDR3 OCZ Agility 3 120GB SSD Windows 7 Professional Dell Ultrasharp U2410 sRGB 
KeyboardPowerCaseMouse
Logitech Illuminated Keyboard PC Power & Cooling 750w Antec 1200 Logitech G500 
Mouse PadAudio
RatPadz OnBoard 
  hide details  
Reply
post #6 of 11
Quote:
Originally Posted by nicoliani View Post

How does security work when you connect to an open network that doesn't use any encryption, and those that use encryption, where you connect to their WIFI and then acknowledge the use with a confirmation on their website, before you can use internet.
I'm concerned with passwords being sniffed or picked up. Can they pick up a password if you don't enter it? I mean if your mobile phone have a widget of Facebook and the pass is already known for the widget, and the widget updates news... will the pass go through the network and be exposed to those that can pick it up?

droidsheep can do this it like a man in the middle attack but your stealing cookies and just session hijacking someone.
it work like this my cell phone connects to the network normally than i turn it on droid sheep and start spoofing and it tells all device connected to the router i'm the router so all info goes to through me first than the really router than the internet.
so if you don't use HTTPS on Facebook or other sites when you log in people can have the cookies that contain you login are sent on there phone or computer depending on the program they use.
they click which one website they want to session hijack and BAM there on your Facebook writing posts seeing who your friends are maybe grabbing your credit card numbers

another video of a computer doing this attack
Edited by everlast4291987 - 12/10/12 at 1:17pm
    
CPUMotherboardGraphicsRAM
Intel Core i5 2500K P8Z68-V GEN3 Evga gtx 670 G.SKILL Ripjaws X Series 8GB (2 x 4GB) 240-Pin ... 
Hard DriveHard DriveHard DriveCooling
crucial m4 128gb seagate fa goflex desk Fantom Drives Diamond  Kühler H2O 620 
CoolingOSMonitorMonitor
XSPC Raystorm windows 7 professional  Asus VG248QE 144hz  50PA5500 50” Class Full HD 1080p Plasma TV (49.... 
KeyboardPowerCaseMouse
logitech g510  AXP-1000R14HE phantom black atx full Logitech G500s 
Mouse PadAudioAudioOther
Logitech G Astro A40 Turtle beach earforce x12 White External 3 x 360 Radiator and Pump Case &... 
Other
Xbox 360 Wireless Gaming Receiver for Windows 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
Intel Core i5 2500K P8Z68-V GEN3 Evga gtx 670 G.SKILL Ripjaws X Series 8GB (2 x 4GB) 240-Pin ... 
Hard DriveHard DriveHard DriveCooling
crucial m4 128gb seagate fa goflex desk Fantom Drives Diamond  Kühler H2O 620 
CoolingOSMonitorMonitor
XSPC Raystorm windows 7 professional  Asus VG248QE 144hz  50PA5500 50” Class Full HD 1080p Plasma TV (49.... 
KeyboardPowerCaseMouse
logitech g510  AXP-1000R14HE phantom black atx full Logitech G500s 
Mouse PadAudioAudioOther
Logitech G Astro A40 Turtle beach earforce x12 White External 3 x 360 Radiator and Pump Case &... 
Other
Xbox 360 Wireless Gaming Receiver for Windows 
  hide details  
Reply
post #7 of 11
Thread Starter 
I was curios about an app in the Google Play named "Wifi Protector", would this help for what I'm looking for?
post #8 of 11
You need to use something like Hotspot Shield. Geared towards this it creates a Virtual Private Network (VPN) where you get a secure tunnel to their connection and all your data is protected.

Also have used Droid VPN too
http://droidvpn.com/
https://play.google.com/store/apps/details?id=hotspotshield.android.vpn
ESXi Home Box
(6 items)
 
The Workstation.
(16 items)
 
 
CPURAMHard DriveOS
Dual L5630 72GB DDR3 RECC 120GB VERTEX 4 + 6TB RAID5 ESXi 6.0 U2 
Other
Dell PowedgeR710  
CPUGraphicsRAMHard Drive
Intel Core i5 2.4GHZ Intel Iris Pro 16GB DDR3 256GB PCI-e x2 
OSKeyboardMouse
OSX 10.11 + Win 10 Apple Wireless Keyboard Apple Magic Trackpad 
  hide details  
Reply
ESXi Home Box
(6 items)
 
The Workstation.
(16 items)
 
 
CPURAMHard DriveOS
Dual L5630 72GB DDR3 RECC 120GB VERTEX 4 + 6TB RAID5 ESXi 6.0 U2 
Other
Dell PowedgeR710  
CPUGraphicsRAMHard Drive
Intel Core i5 2.4GHZ Intel Iris Pro 16GB DDR3 256GB PCI-e x2 
OSKeyboardMouse
OSX 10.11 + Win 10 Apple Wireless Keyboard Apple Magic Trackpad 
  hide details  
Reply
post #9 of 11
Thread Starter 
Quote:
Originally Posted by linkinparkfan007 View Post

You need to use something like Hotspot Shield. Geared towards this it creates a Virtual Private Network (VPN) where you get a secure tunnel to their connection and all your data is protected.
Also have used Droid VPN too
http://droidvpn.com/
https://play.google.com/store/apps/details?id=hotspotshield.android.vpn

I thought about it, but it's too much hazzle for me, needing to turn it on off... on a day I probably would do this 10 times. So I was wondering if this would work similar to tunneling, as it works in the background, with no need to enable it: https://play.google.com/store/apps/details?id=com.gurkedev.wifiprotector&hl=
Edited by nicoliani - 12/10/12 at 2:20pm
post #10 of 11
Looks like that will work fine smile.gif
ESXi Home Box
(6 items)
 
The Workstation.
(16 items)
 
 
CPURAMHard DriveOS
Dual L5630 72GB DDR3 RECC 120GB VERTEX 4 + 6TB RAID5 ESXi 6.0 U2 
Other
Dell PowedgeR710  
CPUGraphicsRAMHard Drive
Intel Core i5 2.4GHZ Intel Iris Pro 16GB DDR3 256GB PCI-e x2 
OSKeyboardMouse
OSX 10.11 + Win 10 Apple Wireless Keyboard Apple Magic Trackpad 
  hide details  
Reply
ESXi Home Box
(6 items)
 
The Workstation.
(16 items)
 
 
CPURAMHard DriveOS
Dual L5630 72GB DDR3 RECC 120GB VERTEX 4 + 6TB RAID5 ESXi 6.0 U2 
Other
Dell PowedgeR710  
CPUGraphicsRAMHard Drive
Intel Core i5 2.4GHZ Intel Iris Pro 16GB DDR3 256GB PCI-e x2 
OSKeyboardMouse
OSX 10.11 + Win 10 Apple Wireless Keyboard Apple Magic Trackpad 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Networking & Security
Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Open network WIFI security