Comments on: Free WiFi: Price? All your personal information http://www.welivesecurity.com/2011/07/14/free-wifi-price-all-your-personal-information/ News, Views, and Insight from the ESET Security Community Mon, 03 Feb 2014 08:49:00 +0000 hourly 1 http://wordpress.org/?v=3.7 By: Mike http://www.welivesecurity.com/2011/07/14/free-wifi-price-all-your-personal-information/#comment-3171 Tue, 07 Aug 2012 17:41:01 +0000 http://blog.eset.com/?p=8603#comment-3171 I was talking about this to someone recently who was logging into their workplace FTP on a public network. They didn't want to listen but I mean he's just hanging his details out there.
I was looking at getting a wifi repeater the other day (this one ) and it occured to me that considering I'm frequently connecting new devices to my network the only reason I know I'm actually connecting to my network for sure is my ancient access point covers my room and barely anything more. Maybe I should just stick with the bad range in favour of security.

]]>
By: Cameron Camp http://www.welivesecurity.com/2011/07/14/free-wifi-price-all-your-personal-information/#comment-3170 Fri, 29 Jul 2011 18:16:44 +0000 http://blog.eset.com/?p=8603#comment-3170 @Jason: Thanks for the comments. I can think of a few other ways to do the same thing as well, but for users, similar advice applies.

]]>
By: Jason http://www.welivesecurity.com/2011/07/14/free-wifi-price-all-your-personal-information/#comment-3169 Mon, 25 Jul 2011 06:15:18 +0000 http://blog.eset.com/?p=8603#comment-3169 To follow up on the last comment, any competent hacker would just set up a man in the middle attack on the “evil twin” WiFi access point. And the easiest is if they force a downgrade to HTTP, which is not technically difficult, as this would not even show the certificate error dialog box to the user.

]]>
By: Jason http://www.welivesecurity.com/2011/07/14/free-wifi-price-all-your-personal-information/#comment-3168 Mon, 25 Jul 2011 05:53:51 +0000 http://blog.eset.com/?p=8603#comment-3168 Sorry Cameron, your article goes to pot on the details. Hackers will not try to decrypt credentials that were encrypted over HTTPS. There is much lower hanging fruit for them to attack, like unecrypted mail sessions and stealing live session ala Firesheep methods.

]]>