Wifi security in Hotels?

I was looking around researching wifi security and saw that somebody can read somebody else's cookies when they hook up to his LAN via a wireless access point. He says he can view passwords to all sorts of accounts and routinely goes into people's accounts but "doesn't do anything bad."

Anyway, what prevents somebody at a hotel from doing the same thing? Could any jackass on a hotel network set up a sniffer and get pretty much everyone's info?

Reply to
Justin

A couple of Premier Inns that I've stayed in have outsourced their wireless to Swisscom. Both of them were unencrypted, so yes, anyone could sniff the traffic if they were in the right place.

Reply to
alexd

I think jiwire's out of business, but I recently used

formatting link
just buy what you need, worked fine with a strong signal. Weak signal was problematic.

Reply to
Airman

Think again:

"JiWire Closes $11 Million in Funding to Expand..."

Reply to
Jeff Liebermann

JiWire changed their business model since they found where money is made (not in Wi-Fi security). They are far from being out of business.

Reply to
Kind_Nation

Most financial and banking web sites offer SSL (secure socket layer) encryption between your browser and the bank. The degree of encryption varies among banks. Some encrypt the entire session. Others only encrypt logins and specific sessions.

Despite SSL and authentication, there are still problems:

These problems are not unique to wireless and can also occur with a wired internet connection. All I can offer is the usual "be careful" warning. The one that worries me is where banks place a secure login box in the middle of an unencrypted web page. That's an open invitation to a man-in-the-middle exploit. Wells Fargo, my bank, is a prime culprit.

A real danger in wireless online banking using Wi-Fi is a spoofed or faked web site designed to trick you into logging in with your login and password. Banks use various measures to avoid fraudulent web sites, but all rely on the user recognizing the difference between the real site and the fake. That's not really reliable.

If you're paranoid, discuss using x.509 certificates and a one time password generator (S/key) dongle with your bank. They may not do anything, but they might recognize that there's a problem and therefore a demand for such devices. For example:

Most banks already use these for their employees and inside transactions.

You could also use a VPN service, which would encrypt everything between your laptop and the proxy server. Sniffing would be impossible.

Reply to
Jeff Liebermann

OK, I think I understand. I use Citizens Bank

formatting link
does that look OK to you?

Reply to
Justin

Yep. SSL on all pages. Certificate issued and verified by VeriSign. Yeah, looks good enough. I can't tell if there are additional anti-spoofing features because I can't log in.

Be advised that it is still possible to perform a man in the middle attack with SSL.

Note that IE 6.0 and before have a problem handling SSL properly. I consider this exploit unlikely, but still possible.

Reply to
Jeff Liebermann

I think I understand. If I'm on an unverified network, or one I know can possibly be compromised (college?) do my banking from the computer lab...

Reply to
Justin

If the session is encrypted with a modern version of SSL (HTTPS) and you don't do anything silly like ignore a certificate warning and accept an invalid certificate, then you're safe using SSL.

Assume that anything that doesn't use SSL is completely publicly accessible (and not just in hotels, this goes for any wifi connection regardless of encryption).

Reply to
DevilsPGD

In the context of this thread, I guess. I used jiwire's VPN service for a few years, they sent an email informing me they were discontinuing the consumer service, which was a shame, it was only $25 a year, if I remember.

Reply to
Airman

Thanks. I didn't know that they had shut down the VPN service (Hotspot Helper).

I got creative and set up my own VPN termination on a colocated customer's server. Lots of bandwidth but I don't use it much. I have 5 laptops and 2 PDA phones, but no time to use them at coffee shops (except for troubleshooting). Sigh.

I haven't looked to see what else is available for VPN's:

(plenty more...) Prices run around $10/month. It appears that few care much about wireless security, but are mostly interested in providing a proxy server for anonymous surfing (used mostly to bypass access restrictions).

Reply to
Jeff Liebermann

I know odd question but has anyone seen or run across a wifi (g) thermometer that can be accessed via a LAN or for that matter an IP thermometer? Plenty of wireless ones via Google but have a need to place one outside and have it readable from the LAN if possible.

Thanks for hints or suggestions

fundamentalism, fundamentally wrong.

Reply to
Rico

It's not Wifi and I'm sure there are more polished products out there, but if you enjoy building stuff look at these:

http://www.microelemente.ro/produse-si-servicii/

Reply to
alexd

On Tue, 07 Jul 2009 13:28:18 GMT, rico snipped-for-privacy@hotmail.com (Rico) wrote in :

Reply to
John Navas

Expensive:

Only one temperature? If so, then it's much easier to communicate the temperature using one of the cheap consumer 49MHz wireless sensors to a base unit that has ethernet, than to do all the processing outdoors, and communicate the results via wireless. For example, the typical wireless thermometer runs on two AA batteries and runs for 2 years. A Wi-Fi link will require far more power to operate. Search for wireless weather stations with ethernet:

If you really want to get crude, just get a decent hand held optical IR thermometer and point it outside to a fixed object to get its temperature. Then read the display or connect it to something that does ethernet. Some such IR thermometers have a serial output for a data logger.

Reply to
Jeff Liebermann

Argh. I meant 433.925MHz.

Ooops, that won't work. The IR thermometer gives the surface temperature of some object. You probably want the air temperature.

Reply to
Jeff Liebermann

I have had a couple of Oregon Scientific weather stations in the last 10 years and while the base stations have been reliable the remote Temp sensors have never lasted. I have used the 418MHz and 433MHz versions and had problems with:-

  1. Range, should be about 30 metres but due to the location of the base stations have never got more than 10 metres.
  2. Min Temp, according to the manual the "proposed operating range" was -5C to +50C and on a frosty morning I would lose the indication on the base station and you had to wait for the temp to increase and you would then have to force the base station to do a search to get the remote sensor to synchronise.
  3. Sensors were prone to failure when being knocked, squirrels and birds used to tap one of the sensors and I on a couple of occasions hit one moving ladders in the garage eventually causing it to fail.
  4. Performance of the remote sensors degraded over time such that after about 15 months I had to place them on the outside wall of the house as they had virtually no range.
  5. The 433MHz sensors were prone to interference from everything from car alarm remotes to wireless bell pushes.

After having about 8 remote sensors I have eventually given up on them.

Reply to
LR

In light of issues with simple radio telemetry sensors, I mention FWIW a simple WiFi solution that has been proven by years in the field: Ken McGuire has employed a Zipit Wireless Messenger as a weather station controller and 802.11b/g link for remote data acquisition for years:

formatting link
I ported 1-Wire code to this device to support a variety of sensors (temp, humidity, etc.), and even the old Dallas 1-Wire weather station could be interfaced to this machine.

One gains the facility of local data caching, data verification and error checking, arbitrary control of sensors and equipment and flexibility in programming by using a general purpose controller and wireless LAN. The 'Zipit' is tiny and a power miser - about the size of a deck of playing cards.

Michael

Reply to
msg

Quite a few high-end weatherstations have USB connections and can be interrogated via suitable software.

Most of the ones I'm aware of have wireless sensors (933MHz seems common), and a base-station that can be hooked up to a computer. I would expect that to be more reliable as the sensitive electronics can be kept in the dry, and all you need outside is a simple digital meter and UHF transmitter.

Reply to
Mark McIntyre
