Sony Store guy tells me to go live in a cave. (long w/pics + a Q)

[StevieG]

[ QUOTE ]
guids and n.s. are giving good advice.

I will add to what n.s. said though. Your bank, brokerage firm, reputable e-commerce sites, Gmail, etc, are all using encryption (you'll see a padlock in your browser) when you are handing off a password to them.

However many other sites where you use a password, including 2+2, are not encrypted when you hand off the password.

Therefore if you use the same password everywhere then that increases your risk when using wireless.

I suggest not using the same password everywhere, and certainly not using the same password for unencrypted sites that you use for encrypted sites with information you really want to protect.

[/ QUOTE ]

[guids]

This caveat is, even though your bank, gmail, etc passwords are sent over ssl (encryption), it is fairly easy to get those passwords. What an attcker does is set up a fake website on his laptop, and impersonates the AP (what your laptops connects to), then he looks at all the information in unencrypted form, because his fake website doesnt use encryption, takes that info, sends it to its real destination over the internet, and transmits any response back to your computer. Hence the name man in the midddle


(your box)--------(his laptop)---------internet

[Howard Beale]

[ QUOTE ]
guids and n.s. are giving good advice.

I will add to what n.s. said though. Your bank, brokerage firm, reputable e-commerce sites, Gmail, etc, are all using encryption (you'll see a padlock in your browser) when you are handing off a password to them.

However many other sites where you use a password, including 2+2, are not encrypted when you hand off the password.

Therefore if you use the same password everywhere then wireless might be very dangerous for you.

I suggest not using the same password everywhere, and certainly not using the same password for unencrypted sites that you use for encrypted sites with information you really want to protect.

[/ QUOTE ]

I use different passwords for every site that I need one for. If anybody steals my notebook I'm in trouble. However, there are only a couple that I use on encrypted sites and those I have memorized.

A basic question:

How does the encryption work when sending the info from MY computer to the bank's secure system? That's what I don't get. Does my computer somehow send out info that's encrypted w/o me knowing anything about it automatically?

[guids]

yes, the webbrowser you are using has a built in transparent encrption, so even though you may not know it you are sending encrypted info at certan times, you can tell when if you see a little lock at the bottom of the screen in IE

[Jcrew]

Unless you have the habit of checking the security certificates of the websites, I would not do any sensitive logins while using a public WiFi station.

[gol4pro]

A+.

[Rootabager]

Should have bashed him over the head with a computer cave man style. Then drug one of the bitches working there out by her hair.

[DeadMoney_J]

[ QUOTE ]
Howard,

I can't answer the wireless question, but I can recommend that you daisy chain your Claymores together if you decide to go the cave route. Hope this helps.

[/ QUOTE ]

QFT. One of the best and most practical pieces of advice that I've ever seen given in OOT.

[blutarski]

They just found some ancient buddhist drawings in caves in Nepal.

[n.s.]

[ QUOTE ]
This caveat is, even though your bank, gmail, etc passwords are sent over ssl (encryption), it is fairly easy to get those passwords. What an attcker does is set up a fake website on his laptop, and impersonates the AP (what your laptops connects to), then he looks at all the information in unencrypted form, because his fake website doesnt use encryption, takes that info, sends it to its real destination over the internet, and transmits any response back to your computer. Hence the name man in the midddle


(your box)--------(his laptop)---------internet

[/ QUOTE ]

Good point - I never really thought of faking an access point to do this sort of attack. Would the attacker have to disable the real AP first somehow (DOS attack?) so that Howard's computer doesn't find the real one first? Or can it just beat it to the punch when the laptop searches for a DHCP server?