Buying shit online over an unsecured wireless connection

Discussion in 'OT Technology' started by 9volt, May 8, 2007.

  1. 9volt

    9volt If you see me running, try to keep up

    Joined:
    Sep 19, 2002
    Messages:
    2,817
    Likes Received:
    0
    Location:
    Huntington Beach, CA
    How safe is it, in comparison to a wired connection, or even a secured wireless connection, to send information over the interweb via an unsecured wireless connection?
     
  2. Create

    Create :free at last:

    Joined:
    Jan 4, 2006
    Messages:
    8,043
    Likes Received:
    2
    99.9% chance you're fine, even if you don't have shit for virus protection.

    THe consequences of that 1 in 1000, though, that someone rapes your CC/account, are huge.

    Do it from work or school.
     
  3. deusexaethera

    deusexaethera OT Supporter

    Joined:
    Jan 27, 2005
    Messages:
    19,712
    Likes Received:
    0
    I've been doing it for years.
     
  4. mdaniel

    mdaniel S is for Shiksa

    Joined:
    May 6, 2000
    Messages:
    52,422
    Likes Received:
    270
    Location:
    Northwest Mejicooooooo
    Any web site that sells things should have an SSL connection which protects the content from their server to your browser. The whole internet is composed of insecure connections. Adding one more in the form of open wifi won't matter if the site uses SSL. I wouldn't give my credit card number to a site that didn't use SSL even over my wired home connection.
     
  5. deusexaethera

    deusexaethera OT Supporter

    Joined:
    Jan 27, 2005
    Messages:
    19,712
    Likes Received:
    0
    This is very true. All WiFi encryption does is restrict users' ability to connect without human authorization; any important task you do online either is protected with SSL, or should be protected with SSL. Even e-mail encryption certificates are free from www.comodo.com, if you're really paranoid.
     
  6. Create

    Create :free at last:

    Joined:
    Jan 4, 2006
    Messages:
    8,043
    Likes Received:
    2
    999/1000

    For you, less. For the unknown random with unknown local protection, more.
     
  7. deusexaethera

    deusexaethera OT Supporter

    Joined:
    Jan 27, 2005
    Messages:
    19,712
    Likes Received:
    0
    I've had credit card numbers stolen twice in the past five years. In both instances it was traced to purchases made at a brick/mortar store; once it was confirmed that the number was lifted from a store-copy receipt that was improperly disposed-of, the other time is uncertain but probably similar.

    I've never once had any problem ordering online. Online ordering is, as you pointed out, protected by 128-bit SSL public-key encryption, regardless of the type of physical connection used.
     
  8. Raslafor

    Raslafor New Member

    Joined:
    May 2, 2007
    Messages:
    328
    Likes Received:
    0
    Location:
    MA
    I wouldn't recommend sending personal information using a public wireless network like they have at some coffee shops. I've been told that before, although I've never been given an explanation as to why. I'm assuming it's possible for people to somehow get your personal information that way, but I'm not 100% sure if it's true or not. I guess you shouldn't just to be safe.
     
  9. mdaniel

    mdaniel S is for Shiksa

    Joined:
    May 6, 2000
    Messages:
    52,422
    Likes Received:
    270
    Location:
    Northwest Mejicooooooo
    Anyone sitting outside or at another table could listen in on every packet sent over the air. If you use pop3 email, your email address and password are sent in the clear. Once someone has that, they could try various sites like PayPal or banks and attempt to logon using the same username/password since most people use the same combination across lots of sites. Of course, if you do everything within a VPN tunnel or SSL connection to a web site, you're OK even though the underlying wifi link is insecure. An eavesdropper would just see unintelligible packets going over the air.
     
  10. P07r0457

    P07r0457 New Member

    Joined:
    Sep 20, 2004
    Messages:
    28,491
    Likes Received:
    0
    Location:
    Southern Oregon
    Yea, SSL gives you a reasonable level of security.
     
  11. Penguin Man

    Penguin Man Protect Your Digital Liberties

    Joined:
    Apr 27, 2002
    Messages:
    21,696
    Likes Received:
    0
    Location:
    Edmonton, AB
    Email encryption through PGP is also free, and doesn't require some bullshit central authority.
     
  12. SLED

    SLED build an idiot proof device and someone else will

    Joined:
    Sep 20, 2001
    Messages:
    28,118
    Likes Received:
    0
    Location:
    AZ, like a bauce!
    For email, I use imap over SSL. I have some dreamhost accounts, and they support it, which is cool. Not too hard to setup for you own server as well.
     
  13. deusexaethera

    deusexaethera OT Supporter

    Joined:
    Jan 27, 2005
    Messages:
    19,712
    Likes Received:
    0
    If it's free, who gives a damn if it's issued by a central authority? If they ever decide to revoke it, you can just go get another from somewhere else. Besides, PGP can't be used to determine if the communication is coming from the authorized owner of the code, because there's nobody to vouch for it.
     
  14. Penguin Man

    Penguin Man Protect Your Digital Liberties

    Joined:
    Apr 27, 2002
    Messages:
    21,696
    Likes Received:
    0
    Location:
    Edmonton, AB
    Everything I've read and heard says that the trust on commercial certificates is really not that great, either. That is, it's not hard to get one that says you're someone you're not. PGP can be used to verify identity if you exchange keys in person, or if you have a key signing party.
     

Share This Page